[jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Jean-Louis Monteiro (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330950#comment-17330950
 ] 

Jean-Louis Monteiro commented on TOMEE-3725:


Would you be able to package a small sample, push it to your github repo or zip 
it up (attached here)?

That would help. 

 

I am not sure what the spec says with getCallerPrincipal

I'd need to check and maybe open a ticket to clarify. 

 

The SecurityContext from the Security API provides a method to get desired 
Principal

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Build failed in Jenkins: TomEE » master-owasp-check #62

2021-04-23 Thread Apache Jenkins Server 
See 


Changes:

[Jean-Louis Monteiro] Fix some enum conversion with the EL Processor

[Jean-Louis Monteiro] Fix hashAlgorithmParameters parsing and evaluation

[Jean-Louis Monteiro] Improve the way we evalate EL

[Jean-Louis Monteiro] Add a workaround in case there is only one mechanism 
available


--
[...truncated 559.00 KB...]
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.openejb.itests/legacy-server/8.0.7-SNAPSHOT/legacy-server-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/arquillian-tomee-common/8.0.7-SNAPSHOT/arquillian-tomee-common-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/microprofile-opentracing-tck/8.0.7-SNAPSHOT/microprofile-opentracing-tck-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/arquillian-tomee-tests/8.0.7-SNAPSHOT/arquillian-tomee-tests-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to org.apache.tomee/tomee-util/8.0.7-SNAPSHOT/tomee-util-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/openejb-derbynet/8.0.7-SNAPSHOT/openejb-derbynet-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to org.apache.tomee/tomee-jdbc/8.0.7-SNAPSHOT/tomee-jdbc-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee.bom/tomee-plume/8.0.7-SNAPSHOT/tomee-plume-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee.maven/tomee-embedded-maven-plugin/8.0.7-SNAPSHOT/tomee-embedded-maven-plugin-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/microprofile-jwt-tck/8.0.7-SNAPSHOT/microprofile-jwt-tck-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/arquillian-tomee-jaxrs-tests/8.0.7-SNAPSHOT/arquillian-tomee-jaxrs-tests-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to 
org.apache.tomee/openejb-itests-client/8.0.7-SNAPSHOT/openejb-itests-client-8.0.7-SNAPSHOT.pom
[JENKINS] Archiving 

 to 
org.apache.tomee/openejb-itests-client/8.0.7-SNAPSHOT/openejb-itests-client-8.0.7-SNAPSHOT.jar
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to org.apache.tomee/log4j2-tomee/8.0.7-SNAPSHOT/log4j2-tomee-8.0.7-SNAPSHOT.pom
[Fast Archiver] No prior successful build to compare, so performing full copy 
of artifacts
[JENKINS] Archiving 

 to

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Server :: CXF RS #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Serverless Apache TomEE MicroProfile #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: MTOM #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Container :: JUnit 5 #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Server :: CXF #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Testing Security #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: TomEE :: TomEE Embedded #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Web Examples :: REST Example #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Testing Security Service Provider #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Simple REST #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: REST CDI #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Server :: Http #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Serverless Apache TomEE Plus #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Testing Security #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Simple Singleton #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Transaction Rollback #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Utils :: Mockito #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Server :: EJBd #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Testing Security Script Service Provider #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: CDI Interceptors #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: REST XML JSON #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: XA Datasource configuration and usage #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Server :: BoneCP #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Microprofile JSONB Custom Serializer/Deserializer #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Maven Plugins :: TomEE Embedded Maven Plugin #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Container :: JUnit 5 :: Backward Compatibility #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Datasource Ciphered Password #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: TomEE :: JDBC #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Server :: Common CLI #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Examples :: Application Composer, JAX-WS and CDI are in a boat #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Container :: Core #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full » TomEE :: Container :: JUnit #158

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-full #158

2021-04-23 Thread Apache Jenkins Server 
See

[tomee-jakarta] branch master updated: Upgrade BatchEE to 0.6

2021-04-23 Thread rzo1 
This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-jakarta.git


The following commit(s) were added to refs/heads/master by this push:
 new 4f04f07  Upgrade BatchEE to 0.6
4f04f07 is described below

commit 4f04f07b994203cf168d2d48bedd7abe9f1beeab
Author: Richard Zowalla <13417392+r...@users.noreply.github.com>
AuthorDate: Fri Apr 23 22:42:52 2021 +0200

Upgrade BatchEE to 0.6
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 479956b..5f219e1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,7 +80,7 @@
   
 
   
-0.5-incubating
+0.6
 2.0.5
 1.9.4
 1.4

[jira] [Created] (TOMEE-3727) Ensure java.io.File is not seen as a JSONB serializable type

2021-04-23 Thread David Blevins (Jira) 
David Blevins created TOMEE-3727:


 Summary: Ensure java.io.File is not seen as a JSONB serializable 
type
 Key: TOMEE-3727
 URL: https://issues.apache.org/jira/browse/TOMEE-3727
 Project: TomEE
  Issue Type: Bug
Reporter: David Blevins
Assignee: David Blevins
 Fix For: 8.0.7


TomEEJsonbProvider does catch java.io.File as not appropriate for JSONB in 
`isWriteable` but missed the same check in `isReadable`



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[tomee] branch master updated: Ensure File and Reader are not considered readable by TomEEJsonbProvider TOMEE-3727 TOMEE-3728

2021-04-23 Thread dblevins 
This is an automated email from the ASF dual-hosted git repository.

dblevins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/master by this push:
 new 12619cc  Ensure File and Reader are not considered readable by 
TomEEJsonbProvider TOMEE-3727 TOMEE-3728
12619cc is described below

commit 12619cc1199aac492c03c530e32437cb474c7ab0
Author: David Blevins 
AuthorDate: Fri Apr 23 20:58:02 2021 -0700

Ensure File and Reader are not considered readable by TomEEJsonbProvider
TOMEE-3727 TOMEE-3728
---
 .../server/cxf/rs/johnzon/TomEEJsonbProvider.java  | 33 ++
 1 file changed, 8 insertions(+), 25 deletions(-)

diff --git 
a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/johnzon/TomEEJsonbProvider.java
 
b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/johnzon/TomEEJsonbProvider.java
index 841cea9..e9c1a26 100644
--- 
a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/johnzon/TomEEJsonbProvider.java
+++ 
b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/johnzon/TomEEJsonbProvider.java
@@ -23,12 +23,9 @@ import javax.activation.DataSource;
 import javax.json.bind.JsonbConfig;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.ext.Provider;
 import java.io.File;
-import java.io.OutputStream;
 import java.io.Reader;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
@@ -48,21 +45,10 @@ public class TomEEJsonbProvider extends 
JsonbJaxrsProvider {
 public boolean isWriteable(Class type, Type genericType, Annotation[] 
annotations, MediaType mediaType) {
 // let the CXF built-in writer handle this one
 // TODO: add a setting?
-if (DataSource.class.isAssignableFrom(type)) {
-return false;
-}
-
-if (byte[].class.isAssignableFrom(type)) {
-return false;
-}
-
-if (File.class.isAssignableFrom(type)) {
-return false;
-}
-
-if (Reader.class.isAssignableFrom(type)) {
-return false;
-}
+if (DataSource.class.isAssignableFrom(type)) return false;
+if (byte[].class.isAssignableFrom(type)) return false;
+if (File.class.isAssignableFrom(type)) return false;
+if (Reader.class.isAssignableFrom(type)) return false;
 
 return super.isWriteable(type, genericType, annotations, mediaType);
 }
@@ -71,13 +57,10 @@ public class TomEEJsonbProvider extends 
JsonbJaxrsProvider {
 public boolean isReadable(Class type, Type genericType, Annotation[] 
annotations, MediaType mediaType) {
 // let the CXF built-in writer handle this one
 // TODO: add a setting?
-if (DataSource.class.isAssignableFrom(type)) {
-return false;
-}
-
-if (byte[].class.isAssignableFrom(type)) {
-return false;
-}
+if (DataSource.class.isAssignableFrom(type)) return false;
+if (byte[].class.isAssignableFrom(type)) return false;
+if (File.class.isAssignableFrom(type)) return false;
+if (Reader.class.isAssignableFrom(type)) return false;
 
 return super.isReadable(type, genericType, annotations, mediaType);
 }

[jira] [Created] (TOMEE-3728) Ensure java.io.Reader is not seen as a JSONB serializable type

2021-04-23 Thread David Blevins (Jira) 
David Blevins created TOMEE-3728:


 Summary: Ensure java.io.Reader is not seen as a JSONB serializable 
type
 Key: TOMEE-3728
 URL: https://issues.apache.org/jira/browse/TOMEE-3728
 Project: TomEE
  Issue Type: Bug
Reporter: David Blevins
Assignee: David Blevins
 Fix For: 8.0.7


TomEEJsonbProvider does catch java.io.Reader as not appropriate for JSONB in 
`isWriteable` but missed the same check in `isReadable`



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Assigned] (TOMEE-3182) jaxrs.spec.provider.standard fileProviderTest

2021-04-23 Thread David Blevins (Jira) 


 [ 
https://issues.apache.org/jira/browse/TOMEE-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Blevins reassigned TOMEE-3182:


Assignee: David Blevins

> jaxrs.spec.provider.standard fileProviderTest
> -
>
> Key: TOMEE-3182
> URL: https://issues.apache.org/jira/browse/TOMEE-3182
> Project: TomEE
>  Issue Type: Sub-task
>Reporter: David Blevins
>Assignee: David Blevins
>Priority: Major
>
> Follow setup instructions in TOMEE-3140.  Then run:
> {code}
> ./runtests --ee91 -c -j --web tomee-plume 
> com.sun.ts.tests.jaxrs.spec.provider.standard.JAXRSClient#fileProviderTest_from_standalone
> {code}
> At the time this issue was filed, the test failed with the following in 
> {{target/logs/javatest.log}}
> {code}
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.readFrom(JsonbJaxrsProvider.java:271)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBodyReader(JAXRSUtils.java:1435)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBody(JAXRSUtils.java:1387)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processRequestBodyParameter(JAXRSUtils.java:901)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:832)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:215)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:79)
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>   ... 29 more
> 11-Apr-2021 20:36:45.173 SEVERE [http-nio-52360-exec-5] 
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage An 
> unexpected error occurred during error handling. No further error processing 
> will occur.
>   org.apache.cxf.interceptor.Fault: Unexpected character 'i' (Codepoint: 
> 105) on [lineNumber=1, columnNumber=3, streamOffset=2]. Reason is [[Expected 
> LITERAL: false]]
>   at 
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:75)
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.wrapExceptionAsFault(PhaseInterceptorChain.java:374)
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:332)
>   at 
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>   at 
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
>   at 
> org.apache.openejb.server.cxf.rs.CxfRsHttpListener.doInvoke(CxfRsHttpListener.java:271)
>   at 
> org.apache.tomee.webservices.CXFJAXRSFilter.doFilter(CXFJAXRSFilter.java:99)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
>   at 
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
>   at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>   at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>   at 
> org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45)
>   at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
>   at 
> org.apache.openejb.cts.TransactionalWorkaroundLeakGuardValve.invoke(TransactionalWorkaroundLeakGuardValve.java:39)
>   at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>   at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>   at 
> org.apache.tomee.catalina.OpenEJBSecurityListener$RequestCapturer.invoke(OpenEJBSecurityListener.java:97)
>   at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
>   at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>   at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353)
>   at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
>   at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>

[jira] [Assigned] (TOMEE-3178) jaxrs.spec.filter.interceptor fileReaderNoInterceptorTest

2021-04-23 Thread David Blevins (Jira) 


 [ 
https://issues.apache.org/jira/browse/TOMEE-3178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Blevins reassigned TOMEE-3178:


Assignee: David Blevins

> jaxrs.spec.filter.interceptor fileReaderNoInterceptorTest
> -
>
> Key: TOMEE-3178
> URL: https://issues.apache.org/jira/browse/TOMEE-3178
> Project: TomEE
>  Issue Type: Sub-task
>Reporter: David Blevins
>Assignee: David Blevins
>Priority: Major
>
> Follow setup instructions in TOMEE-3140.  Then run:
> {code}
> ./runtests --ee91 -c -j --web tomee-plume 
> com.sun.ts.tests.jaxrs.spec.filter.interceptor.JAXRSClient#fileReaderNoInterceptorTest_from_standalone
> {code}
> At the time this issue was filed, the test failed with the following in 
> {{target/logs/javatest.log}}
> {code}
>   at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
>   at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>   at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353)
>   at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
>   at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>   at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:870)
>   at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1696)
>   at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>   at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>   at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>   at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>   at java.lang.Thread.run(Thread.java:748)
>   Caused by: jakarta.json.stream.JsonParsingException: Unexpected 
> character '<' (Codepoint: 60) on [lineNumber=1, columnNumber=2, 
> streamOffset=1]. Reason is [[Expected structural character or digit or 't' or 
> 'n' or 'f' or '-']]
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.uexc(JsonStreamParserImpl.java:1034)
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.uexc(JsonStreamParserImpl.java:1040)
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.defaultHandling(JsonStreamParserImpl.java:482)
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.internalNext(JsonStreamParserImpl.java:473)
>   at 
> org.apache.johnzon.core.JohnzonJsonParserImpl.next(JohnzonJsonParserImpl.java:50)
>   at 
> org.apache.johnzon.core.JsonReaderImpl.readValue(JsonReaderImpl.java:83)
>   at 
> org.apache.johnzon.mapper.MappingParserImpl.readObject(MappingParserImpl.java:132)
>   at org.apache.johnzon.mapper.Mapper.mapObject(Mapper.java:398)
>   at org.apache.johnzon.mapper.Mapper.readObject(Mapper.java:313)
>   at 
> org.apache.johnzon.jsonb.JohnzonJsonb.fromJson(JohnzonJsonb.java:244)
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.doRead(JsonbJaxrsProvider.java:325)
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.doReadWithNoContentException(JsonbJaxrsProvider.java:330)
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.readFrom(JsonbJaxrsProvider.java:271)
>   at 
> org.apache.cxf.jaxrs.impl.ReaderInterceptorMBR.aroundReadFrom(ReaderInterceptorMBR.java:79)
>   at 
> org.apache.cxf.jaxrs.impl.ReaderInterceptorContextImpl.proceed(ReaderInterceptorContextImpl.java:69)
>   at 
> com.sun.ts.tests.jaxrs.spec.filter.interceptor.EntityReaderInterceptor.aroundReadFrom(EntityReaderInterceptor.java:47)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBodyReader(JAXRSUtils.java:1430)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBody(JAXRSUtils.java:1387)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processRequestBodyParameter(JAXRSUtils.java:901)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:832)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:215)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:79)
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>   ... 29 more
> 11-Apr-2021 20:34:10.930 SEVERE [http-nio-52059-exec-5] 
>

[jira] [Assigned] (TOMEE-3177) jaxrs.spec.filter.interceptor fileReaderContainerInterceptorTest

2021-04-23 Thread David Blevins (Jira) 


 [ 
https://issues.apache.org/jira/browse/TOMEE-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Blevins reassigned TOMEE-3177:


Assignee: David Blevins

> jaxrs.spec.filter.interceptor fileReaderContainerInterceptorTest
> 
>
> Key: TOMEE-3177
> URL: https://issues.apache.org/jira/browse/TOMEE-3177
> Project: TomEE
>  Issue Type: Sub-task
>Reporter: David Blevins
>Assignee: David Blevins
>Priority: Major
>
> Follow setup instructions in TOMEE-3140.  Then run:
> {code}
> ./runtests --ee91 -c -j --web tomee-plume 
> com.sun.ts.tests.jaxrs.spec.filter.interceptor.JAXRSClient#fileReaderContainerInterceptorTest_from_standalone
> {code}
> At the time this issue was filed, the test failed with the following in 
> {{target/logs/javatest.log}}
> {code}
>   at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>   at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353)
>   at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
>   at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>   at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:870)
>   at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1696)
>   at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>   at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>   at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>   at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>   at java.lang.Thread.run(Thread.java:748)
>   Caused by: jakarta.json.stream.JsonParsingException: Unexpected 
> character '<' (Codepoint: 60) on [lineNumber=1, columnNumber=2, 
> streamOffset=1]. Reason is [[Expected structural character or digit or 't' or 
> 'n' or 'f' or '-']]
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.uexc(JsonStreamParserImpl.java:1034)
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.uexc(JsonStreamParserImpl.java:1040)
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.defaultHandling(JsonStreamParserImpl.java:482)
>   at 
> org.apache.johnzon.core.JsonStreamParserImpl.internalNext(JsonStreamParserImpl.java:473)
>   at 
> org.apache.johnzon.core.JohnzonJsonParserImpl.next(JohnzonJsonParserImpl.java:50)
>   at 
> org.apache.johnzon.core.JsonReaderImpl.readValue(JsonReaderImpl.java:83)
>   at 
> org.apache.johnzon.mapper.MappingParserImpl.readObject(MappingParserImpl.java:132)
>   at org.apache.johnzon.mapper.Mapper.mapObject(Mapper.java:398)
>   at org.apache.johnzon.mapper.Mapper.readObject(Mapper.java:313)
>   at 
> org.apache.johnzon.jsonb.JohnzonJsonb.fromJson(JohnzonJsonb.java:244)
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.doRead(JsonbJaxrsProvider.java:325)
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.doReadWithNoContentException(JsonbJaxrsProvider.java:330)
>   at 
> org.apache.johnzon.jaxrs.jsonb.jaxrs.JsonbJaxrsProvider.readFrom(JsonbJaxrsProvider.java:271)
>   at 
> org.apache.cxf.jaxrs.impl.ReaderInterceptorMBR.aroundReadFrom(ReaderInterceptorMBR.java:79)
>   at 
> org.apache.cxf.jaxrs.impl.ReaderInterceptorContextImpl.proceed(ReaderInterceptorContextImpl.java:69)
>   at 
> com.sun.ts.tests.jaxrs.spec.filter.interceptor.EntityReaderInterceptor.aroundReadFrom(EntityReaderInterceptor.java:47)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBodyReader(JAXRSUtils.java:1430)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBody(JAXRSUtils.java:1387)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processRequestBodyParameter(JAXRSUtils.java:901)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:832)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:215)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:79)
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>   ... 29 more
> 04-11-2021 20:33:32:  TRACE: [WIRE] - << 500 INTERNAL_SERVER_ERROR
> 04-11-2021 20:33:32:  TRACE: [WIRE] - << connection: close
> 04-11-2021 20:33:32:  TRACE:

[jira] [Assigned] (TOMEE-3189) jaxrs.spec.provider.standardnotnull serverFileProviderTest

2021-04-23 Thread David Blevins (Jira) 


 [ 
https://issues.apache.org/jira/browse/TOMEE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Blevins reassigned TOMEE-3189:


Assignee: David Blevins

> jaxrs.spec.provider.standardnotnull serverFileProviderTest
> --
>
> Key: TOMEE-3189
> URL: https://issues.apache.org/jira/browse/TOMEE-3189
> Project: TomEE
>  Issue Type: Sub-task
>Reporter: David Blevins
>Assignee: David Blevins
>Priority: Major
>
> Follow setup instructions in TOMEE-3140.  Then run:
> {code}
> ./runtests --ee91 -c -j --web tomee-plume 
> com.sun.ts.tests.jaxrs.spec.provider.standardnotnull.JAXRSClient#serverFileProviderTest_from_standalone
> {code}
> At the time this issue was filed, the test failed with the following in 
> {{target/logs/javatest.log}}
> {code}
> 04-11-2021 20:41:15:  TRACE: GOT SETUP METHOD!
> 04-11-2021 20:41:15:  TRACE: No cleanupMethod annotation present
> 04-11-2021 20:41:15:  TRACE: getCleanupMethod - checking for testcase 
> specific cleanup method:  serverFileProviderTest_cleanup
> 04-11-2021 20:41:15:  TRACE: getCleanupMethod - checking for default class 
> specific cleanup method
> 04-11-2021 20:41:15:  TRACE: GOT CLEANUP METHOD!
> 04-11-2021 20:41:15:  TRACE: ABOUT TO INVOKE SETUP METHOD!
> 04-11-2021 20:41:15:  TRACE: setup method JAXRSCommonClient
> 04-11-2021 20:41:15:  [JAXRSCommonClient] Test setup OK
> 04-11-2021 20:41:15:  TRACE: INVOKED SETUP METHOD!
> 04-11-2021 20:41:15:  TRACE: ABOUT TO INVOKE EETEST RUN METHOD!
> 04-11-2021 20:41:15:  TRACE: [JAXRSCommonClient] invoke
> 04-11-2021 20:41:15:  TRACE: [JAXRSCommonClient] setTestProperties
> 04-11-2021 20:41:15:  TRACE: [JAXRSCommonClient] EXECUTING
> 04-11-2021 20:41:15:  [Request] Dispatching request: 'POST 
> http://localhost:52891/jaxrs_spec_provider_standardnotnull_web/resource/file' 
> to target server at 'localhost:52891'
> 04-11-2021 20:41:15:  ###
> 04-11-2021 20:41:15:  TRACE: [WIRE] - >> POST 
> http://localhost:52891/jaxrs_spec_provider_standardnotnull_web/resource/file
> 04-11-2021 20:41:15:  TRACE: [WIRE] - >> Accept:*/*
> 11-Apr-2021 20:41:15.724 WARNING [http-nio-52891-exec-5] 
> org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper.toResponse 
> jakarta.ws.rs.BadRequestException: HTTP 400 Bad Request
>   at 
> org.apache.cxf.jaxrs.utils.SpecExceptions.toBadRequestException(SpecExceptions.java:84)
>   at 
> org.apache.cxf.jaxrs.utils.ExceptionUtils.toBadRequestException(ExceptionUtils.java:120)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBody(JAXRSUtils.java:1396)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processRequestBodyParameter(JAXRSUtils.java:901)
>   at 
> org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:832)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:215)
>   at 
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:79)
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>   at 
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>   at 
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
>   at 
> org.apache.openejb.server.cxf.rs.CxfRsHttpListener.doInvoke(CxfRsHttpListener.java:271)
>   at 
> org.apache.tomee.webservices.CXFJAXRSFilter.doFilter(CXFJAXRSFilter.java:99)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
>   at 
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
>   at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>   at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>   at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45)
>   at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
>   at 
> org.apache.openejb.cts.TransactionalWorkaroundLeakGuardValve.invoke(TransactionalWorkaroundLeakGuardValve.java:39)
>   at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>   at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>   at 
>

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: TomEE :: TomEE Embedded #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: Server :: CXF #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: Server :: CXF RS #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: Server :: EJBd #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: TomEE :: JDBC #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: Container :: Core #98

2021-04-23 Thread Apache Jenkins Server 
See

Jenkins build is still unstable: TomEE » master-build-quick » TomEE :: Server :: Http #98

2021-04-23 Thread Apache Jenkins Server 
See

[jira] [Resolved] (OPENEJB-2151) Queue is visible in the JNDI Tree of ejbd

2021-04-23 Thread Andreas (Jira) 


 [ 
https://issues.apache.org/jira/browse/OPENEJB-2151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andreas resolved OPENEJB-2151.
--
Resolution: Duplicate

False project, move to tomee

> Queue is visible in the JNDI Tree of ejbd
> -
>
> Key: OPENEJB-2151
> URL: https://issues.apache.org/jira/browse/OPENEJB-2151
> Project: OpenEJB
>  Issue Type: Bug
>  Components: connectors
> Environment: open-ejb-standalone 8.0.6
> Windows 10 Prof.
>Reporter: Andreas
>Priority: Minor
>
> Hi,
> In *line 316* of *org.apache.openejb.server.ejbd.JndiRequestHandler* you use 
> *java.util.Queue* instead *javax.jms.Queue* to compare (instaceof) the Object 
> loaded from JNDITree.
> The bug results in the following consequence:
> If you have configured a *Queue* as resource, you can call this queue by a 
> remote client (over RemoteInitialFactory->jndi-name: java://id-resource). 
> In contrast a *Topic* you cannot called by this way (results in null as 
> instance).
> The method "*doLookup(final JNDIRequest req, final JNDIResponse res, final 
> String prefix)*" returns for a Queue *JNDI_OK* an for a Topic *JNDI_RESOURCE* 
> as result.
> So you can get a queue remote from the ejbd connector (not the right way i 
> think) and a topic not.
> Greetings
> Andreas Riesel



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (TOMEE-3726) Queue is visible in JNDI Tree (java://id-resource)

2021-04-23 Thread Andreas (Jira) 
Andreas created TOMEE-3726:
--

 Summary: Queue is visible in JNDI Tree (java://id-resource)
 Key: TOMEE-3726
 URL: https://issues.apache.org/jira/browse/TOMEE-3726
 Project: TomEE
  Issue Type: Bug
  Components: TomEE Core Server
Affects Versions: 8.0.6
 Environment: Windows 10 Prof.
Reporter: Andreas


Hi,

In *line 316* of *org.apache.openejb.server.ejbd.JndiRequestHandler* you use 
*java.util.Queue* instead *javax.jms.Queue* to compare (instaceof) the Object 
loaded from JNDITree.

The bug results in the following consequence:

If you have configured a *Queue* as resource, you can call this queue by a 
remote client (over RemoteInitialFactory->jndi-name: java://id-resource).

In contrast a *Topic* you cannot called by this way (results in null as 
instance).

The method "*doLookup(final JNDIRequest req, final JNDIResponse res, final 
String prefix)*" returns for a Queue *JNDI_OK* an for a Topic *JNDI_RESOURCE* 
as result.

So you can get a queue remote from the ejbd connector (not the right way i 
think) and a topic not.

Greetings
 Andreas Riesel



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOMEE-3725) Returns invalid principal - javax.security.enterprise.SecurityContext

2021-04-23 Thread Richard Zowalla (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330020#comment-17330020
 ] 

Richard Zowalla commented on TOMEE-3725:


There is currently active development targeting 8.0.7-SNAPSHOT / 9.0.0-M7 to 
pass the related TCK, which also includes security-related stuff. [~jlmonteiro] 
did some work on the security impl recently. Might work in a 8.0.7-SNAPSHOT 
build -> maybe give it a try and report back?

> Returns invalid principal -  javax.security.enterprise.SecurityContext
> --
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOMEE-3725) Returns invalid principal - javax.security.enterprise.SecurityContext

2021-04-23 Thread Jean-Louis Monteiro (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330061#comment-17330061
 ] 

Jean-Louis Monteiro commented on TOMEE-3725:


Thanks Richard,

 

That's correct. This method is now implemented and tested as per TCK 
requirements.

Can you please give it a try and lemme know?

 

It's pretty fresh in my mind so I can improve if necessary.

> Returns invalid principal -  javax.security.enterprise.SecurityContext
> --
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Pramod (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330228#comment-17330228
 ] 

Pramod commented on TOMEE-3725:
---

Can you please let us know where can I download 8.0.7-SNAPSHOT?

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Pramod (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330201#comment-17330201
 ] 

Pramod commented on TOMEE-3725:
---

Ok sure, I can give a try with SNAPSHOT 

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Pramod (Jira) 


 [ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pramod updated TOMEE-3725:
--
Summary: Returns invalid principal -   Java EE Security - Inject 
javax.security.enterprise.SecurityContext  (was: Returns invalid principal -  
javax.security.enterprise.SecurityContext)

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Richard Zowalla (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330340#comment-17330340
 ] 

Richard Zowalla commented on TOMEE-3725:


Via Maven you can add the related snapshot repos:
{code:java}


apache.snapshots
Apache Snapshot Repository
https://repository.apache.org/snapshots

false

 
   



apache.snapshots
Apache Snapshot Repository
https://repository.apache.org/snapshots

false



{code}
Alternative, if you only want the ZIP / TAR.GZ:
 * 
[https://repository.apache.org/content/repositories/snapshots/org/apache/tomee/apache-tomee/]

Make sure to use the latest one.

 

 

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Pramod (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330363#comment-17330363
 ] 

Pramod commented on TOMEE-3725:
---

Thanks. I just downloaded the 
[https://repository.apache.org/content/repositories/snapshots/org/apache/tomee/apache-tomee/8.0.7-SNAPSHOT/]

 and quickly did code adaption and tested for public  
Set getPrincipalsByType(Class pType)

 
{code:java}
Set customPrincipals = 
ctx.getPrincipalsByType(AbstractAuthenticatedUser.class);     for 
(AbstractAuthenticatedUser customPrincipal : customPrincipals) 
{          LOGGER.info("From securityContext-principalByType 
:"+customPrincipal.toString());      
}
{code}
This worked. So atleast looks promising :)

 

But ctx.getCallerPrincipal(); does not return updated principal object - 
instead it gave generic principal

[TomcatUser: GenericPrincipal[

 

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Comment Edited] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

2021-04-23 Thread Richard Zowalla (Jira) 


[ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330340#comment-17330340
 ] 

Richard Zowalla edited comment on TOMEE-3725 at 4/23/21, 9:39 AM:
--

Via Maven you can add the related snapshot repos:
{code:java}


apache.snapshots
Apache Snapshot Repository
https://repository.apache.org/snapshots

false

 
   



apache.snapshots
Apache Snapshot Repository
https://repository.apache.org/snapshots

false



{code}
Alternative, if you only want the ZIP / TAR.GZ:
 * 
[https://repository.apache.org/content/repositories/snapshots/org/apache/tomee/apache-tomee/]

Make sure to use the latest one.

We have some Maven issues with our build atm -> it  might be broken. 

 


was (Author: rzo1):
Via Maven you can add the related snapshot repos:
{code:java}


apache.snapshots
Apache Snapshot Repository
https://repository.apache.org/snapshots

false

 
   



apache.snapshots
Apache Snapshot Repository
https://repository.apache.org/snapshots

false



{code}
Alternative, if you only want the ZIP / TAR.GZ:
 * 
[https://repository.apache.org/content/repositories/snapshots/org/apache/tomee/apache-tomee/]

Make sure to use the latest one.

 

 

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -
>
> Key: TOMEE-3725
> URL: https://issues.apache.org/jira/browse/TOMEE-3725
> Project: TomEE
>  Issue Type: Bug
>  Components: TomEE Core Server
>Affects Versions: 8.0.6
>Reporter: Pramod
>Priority: Major
> Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[X(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public  Set getPrincipalsByType(Class pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)