Re: System.properties setting to set XStream (1.4.20) permission globally in Apache Karaf 4.3.7

2023-06-29 Thread Łukasz Dywicki
When you construct XStream mapper instance you can pass a whitelist for 
permitted packages and/or types. This error comes from XStream itself.

An example of security settings for XStream:
https://github.com/opensmarthouse/opensmarthouse-core/blob/7a5fac046a6c110f5c85721b0e279916db6a18cf/bundles/org.opensmarthouse.core.binding.xml/src/main/java/org/openhab/core/binding/xml/internal/BindingInfoReader.java#L89

Best,
Łukasz

On 16.05.2023 16:00, Chandan Singh wrote:


Hi All ,

Any inputs on this, we want to set the permission globally on Karaf
to avoid setting at each Class level.


On Tue, May 16, 2023 at 12:23 AM Chandan Singh
<mailbox.chandansi...@gmail.com> wrote:



Hi All ,

Any idea how to set permissions for XStream packages to avoid the
forbidden exception as shown below


Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: com.xx.xx.xx.parser.MyClass
     at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26) ~[!/:?]
     at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74) ~[!/:?]
     at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125) ~[!/:?]
     at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47) ~[!/:?]
     at com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType(HierarchicalStreams.java:29) ~[!/:?]
     at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:135) ~[!/:?]
     at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) ~[!/:?]
     at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464) ~[!/:?]
     at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441) ~[!/:?]
     at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1321) ~[!/:?]
     at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1312) ~[!/:?]



I had the below setting in past Karaf System.properties and it
used to work in earlier versions.


org.apache.camel.xstream.permissions=com.xx.xx.**,java.lang.*,java.util.**
com.thoughtworks.xstream.permissions=com.xx.xx.*,java.lang.*,java.util.*

Please advise if there is any change in syntax or any other
config required?

Regards
Chandan
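
An added example, not code from this thread or from the project linked in the reply: one way to pass a package whitelist when the XStream instance is constructed, taking the comma-separated wildcard list from a system property. The class name and the property name `acme.xstream.permissions` are hypothetical and read only by this class; XStream 1.4.x is assumed to be on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import java.util.ArrayList;
import java.util.List;

public final class RestrictedXStreamFactory {
    // Hypothetical property name, read by this class only (not by XStream or Karaf).
    static final String PROP = "acme.xstream.permissions";

    public static XStream create(ClassLoader loader) {
        List<String> patterns = new ArrayList<>();
        for (String p : System.getProperty(PROP, "").split(",")) {
            p = p.trim();
            if (p.isEmpty()) continue;
            // '*' stays inside one package, '**' also crosses '.'; refuse catch-alls.
            if (p.equals("*") || p.equals("**")) {
                throw new IllegalArgumentException("pattern too broad: " + p);
            }
            patterns.add(p);
        }
        XStream xstream = new XStream();
        xstream.setClassLoader(loader);               // e.g. the bundle's class loader in OSGi
        xstream.addPermission(NoTypePermission.NONE); // clear defaults, deny everything
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypesByWildcard(patterns.toArray(new String[0]));
        return xstream;
    }

    public static void main(String[] args) {
        System.setProperty(PROP, "java.lang.*,java.util.*"); // constructed sample value
        XStream xs = create(RestrictedXStreamFactory.class.getClassLoader());
        // Permitted: java.util.List and java.lang.String match the patterns.
        System.out.println(xs.fromXML("<list><string>a</string></list>"));
        try {
            // Not permitted: java.io.File matches no pattern.
            xs.fromXML("<java.io.File>/tmp/x</java.io.File>");
        } catch (XStreamException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because `*` does not cross a package separator, a pattern such as `com.xx.xx.*` does not cover a class in `com.xx.xx.xx.parser`; that needs `com.xx.xx.**` or an explicit sub-package pattern.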



Re: Are released features picked over SNAPSHOT when installing features from maven?

2023-06-29 Thread Steinar Bang
> Jean-Baptiste Onofré :

> Hi Steinar,
> do you use the default etc/org.ops4j.pax.maven.url.cfg ?

etc/org.ops4j.pax.url.mvn.cfg?

Yes. From an apache-4.3.3 unpackaged from the binary tar.gz.

Here are org.ops4j.pax.url.mvn.repositories from that file:

org.ops4j.pax.url.mvn.repositories= \
    https://repo1.maven.org/maven2@id=central, \
    https://repository.apache.org/content/groups/snapshots-group@id=apache@snapshots@noreleases, \
    https://oss.sonatype.org/content/repositories/ops4j-snapshots@id=ops4j.sonatype.snapshots.deploy@snapshots@noreleases



Re: Karaf seems to ignore new files in folder etc if flag x is not set

2023-06-29 Thread Jean-Baptiste Onofré
Hi

Gotcha :)

Are you sure it's on the file itself ? It makes sense to have x for
the etc folder (or subfolder) itself, but surprising for the file.

I checked in FileInstall, and the WatcherScanner doesn't define
anything special on the filesystem attribute. However, it could be
related to ENTRY_CREATE in FileInstall Watcher where he checks if it
has to go subfolder, so checking the attribute there. I can do a
reproducer.

Regards
JB

On Thu, Jun 29, 2023 at 4:28 PM Ephemeris Lappis
 wrote:
>
> Hello
>
> I was talking about the Unix file flags/attributes: we've observed
> that when new files are dropped into the etc folder, if the owner
> attributes are only "rw", the file is not taken into account and the
> expected configuration is not loaded ; "rwx" seems to be required, and
> I have no explanation for that.
>
> Is it clearer ?
>
> Thanks.
>
> Regards.
>
> On Thu, 29 Jun 2023 at 14:04, Jean-Baptiste Onofré wrote:
> >
> > Hi,
> >
> > What's the flag "x" ? :)
> >
> > Can you please elaborate a bit ?
> >
> > Thanks,
> > Regards
> > JB
> >
> > On Wed, Jun 28, 2023 at 3:49 PM Ephemeris Lappis
> >  wrote:
> > >
> > > Hello.
> > >
> > > If I'm not wrong, it seems that Karaf (4.4.3 in our last works)
> > > ignores new files copied into the folder "etc" if these files do not
> > > have the flag "x" set.
> > >
> > > I don't see any documentation about this, and a confirmation should be
> > > welcome (and an explanation if it's confirmed).
> > >
> > > Thanks in advance.
> > >
> > > Regards.


Re: Karaf seems to ignore new files in folder etc if flag x is not set

2023-06-29 Thread Ephemeris Lappis
Hello

I was talking about the Unix file flags/attributes: we've observed
that when new files are dropped into the etc folder, if the owner
attributes are only "rw", the file is not taken into account and the
expected configuration is not loaded ; "rwx" seems to be required, and
I have no explanation for that.

Is it clearer ?

Thanks.

Regards.

On Thu, 29 Jun 2023 at 14:04, Jean-Baptiste Onofré wrote:
>
> Hi,
>
> What's the flag "x" ? :)
>
> Can you please elaborate a bit ?
>
> Thanks,
> Regards
> JB
>
> On Wed, Jun 28, 2023 at 3:49 PM Ephemeris Lappis
>  wrote:
> >
> > Hello.
> >
> > If I'm not wrong, it seems that Karaf (4.4.3 in our last works)
> > ignores new files copied into the folder "etc" if these files do not
> > have the flag "x" set.
> >
> > I don't see any documentation about this, and a confirmation should be
> > welcome (and an explanation if it's confirmed).
> >
> > Thanks in advance.
> >
> > Regards.


Re: Autocommit is happening even within a transaction manager

2023-06-29 Thread Jean-Baptiste Onofré
Hi Ash,

What kind of datasource are you using ?

Regards
JB

On Wed, Jun 28, 2023 at 7:58 PM Ash Williams  wrote:

> Hi,
>
>
>
> We have an issue where sql statements executed by hibernate are being
> immediately committed, despite the fact that the entity manager is managed
> by a (local) transaction. It's my understanding that hibernate and the
> transaction manager should together ensure that auto commit is disabled on
> the obtained connection. My environment is Karaf 4.4.3 on Java 8 and
> hibernate 5.6.7.
>
>
>
> # Here is the persistence.xml file:
>
>
>
> 
>
>   
>
> 
>
>
>
> # Here is a self-contained class that demonstrates the problem:
>
>
>
> import java.io.IOException;
> import java.sql.SQLException;
> import java.util.HashMap;
> import java.util.Map;
> import java.util.Properties;
>
> import javax.persistence.EntityManager;
> import javax.persistence.Query;
> import javax.sql.DataSource;
>
> import org.apache.commons.lang3.RandomStringUtils;
> import org.osgi.service.component.annotations.Activate;
> import org.osgi.service.component.annotations.Component;
> import org.osgi.service.component.annotations.Reference;
> import org.osgi.service.jdbc.DataSourceFactory;
> import org.osgi.service.jpa.EntityManagerFactoryBuilder;
> import org.osgi.service.transaction.control.TransactionControl;
> import org.osgi.service.transaction.control.jdbc.JDBCConnectionProviderFactory;
> import org.osgi.service.transaction.control.jpa.JPAEntityManagerProvider;
> import org.osgi.service.transaction.control.jpa.JPAEntityManagerProviderFactory;
>
> @Component(immediate = true)
> public class AcmeTest {
>
>     @Activate
>     public AcmeTest(
>
>             @Reference(target = "(osgi.unit.name=acme.pu)")
>             EntityManagerFactoryBuilder emfb,
>
>             @Reference(target = "(&(osgi.jdbc.driver.name=oracle)(osgi.jdbc.driver.class=oracle.jdbc.OracleDriver))")
>             DataSourceFactory dsf,
>
>             @Reference(target = "(osgi.local.enabled=true)")
>             JPAEntityManagerProviderFactory providerFactory,
>
>             @Reference(target = "(osgi.local.enabled=true)")
>             TransactionControl txControl
>
>     ) throws IOException, SQLException {
>
>         // create datasource from factory
>
>         Properties dsfProps = new Properties();
>         dsfProps.put("user", "xxx-withheld-xxx");
>         dsfProps.put("password", "xxx-withheld-xxx");
>         dsfProps.put("url", "xxx-withheld-xxx");
>
>         DataSource datasource = dsf.createDataSource(dsfProps);
>
>         // create jpa entity manager provider from datasource and pool props
>
>         Map<String, Object> jpaProperties = new HashMap<>();
>         jpaProperties.put("javax.persistence.dataSource", datasource);
>         jpaProperties.put("hibernate.dialect", "org.hibernate.dialect.Oracle10gDialect");
>
>         Map<String, Object> resourceProviderProperties = new HashMap<>();
>         resourceProviderProperties.put(JDBCConnectionProviderFactory.CONNECTION_POOLING_ENABLED, false);
>
>         JPAEntityManagerProvider provider =
>                 providerFactory.getProviderFor(emfb, jpaProperties, resourceProviderProperties);
>
>         // test it out by updating a test_column to a random string
>
>         EntityManager entityManager = provider.getResource(txControl);
>         txControl.required(() -> {
>
>             String newValue = RandomStringUtils.random(10, true, false);
>
>             Query query = entityManager.createNativeQuery("update test_table set test_column = ? where test_name = 'test'");
>             query.setParameter(1, newValue);
>
>             query.executeUpdate();
>
>             // ***
>             // CONNECTION HAS BEEN COMMITTED SINCE WE CAN SEE UPDATED VALUE OF
>             // TEST_COLUMN IN THE DATABASE WHILST WE ARE STILL IN THIS LAMBDA
>             // ***
>
>             return null;
>
>         });
>
>     }
>
> }
>
>
>
> # This information about the transaction services running on the platform
> might be important:
>
>
>
> admin@root()> bundle:services -p 281
>
> pax-transx-tm-geronimo (281) provides:
> --
> objectClass = [org.osgi.service.cm.ManagedService]
> service.bundleid = 281
> service.id = 335
> service.pid = org.ops4j.pax.transx.tm.geronimo
> service.scope = singleton
>
> objectClass = [javax.transaction.TransactionManager, javax.transaction.TransactionSynchronizationRegistry, javax.transaction.UserTransaction, org.apache.geronimo.transaction.manager.RecoverableTransactionManager, org.springframework.transaction.PlatformTransactionManager]
> service.bundleid = 281
> service.id = 360
> service.scope = singleton
>
> objectClass = [org.ops4j.pax.transx.tm.TransactionManager]
> serv

Re: Are released features picked over SNAPSHOT when installing features from maven?

2023-06-29 Thread Jean-Baptiste Onofré
Hi Steinar,

do you use the default etc/org.ops4j.pax.maven.url.cfg ?

Regards
JB

On Wed, Jun 28, 2023 at 8:56 PM Steinar Bang  wrote:
>
> I am working on version 1.15.8-SNAPSHOT of authservice:
>  https://github.com/steinarb/authservice
>
> My problem with testing release 1.15.8-SNAPSHOT is that 1.15.7 is picked
> instead, when I load feature repositories from maven using version
> LATEST.
>
> Version 1.15.7 is found on external repos (maven central in this case),
> while 1.15.8-SNAPSHOT is built locally and installed in the local maven
> cache (~/.m2/repository/).
>
> My questions are:
>  1. Are released versions being picked over SNAPSHOT releases?
>  2. Is this the expected behaviour?
>  3. Is there a simple way to make local feature installs pick SNAPSHOTs
> over released version?
>
> I'm running on karaf 4.4.3 on java 17 (openjdk) on debian 12 "bookworm"
> on amd64.
>
>
> - Steinar
>


Re: Karaf seems to ignore new files in folder etc if flag x is not set

2023-06-29 Thread Jean-Baptiste Onofré
Hi,

What's the flag "x" ? :)

Can you please elaborate a bit ?

Thanks,
Regards
JB

On Wed, Jun 28, 2023 at 3:49 PM Ephemeris Lappis
 wrote:
>
> Hello.
>
> If I'm not wrong, it seems that Karaf (4.4.3 in our last works)
> ignores new files copied into the folder "etc" if these files do not
> have the flag "x" set.
>
> I don't see any documentation about this, and a confirmation should be
> welcome (and an explanation if it's confirmed).
>
> Thanks in advance.
>
> Regards.


Re: Autocommit is happening even within a transaction manager

2023-06-29 Thread Paul McCulloch
I encountered something very similar a while back. In my case I'm using PAX
JDBC to create the pooled DataSource via config admin. Like you I found
that data was being committed within the transaction lambda.

I determined that this didn't happen with XA DataSources.

I resolved this by providing my own DBCP Pooled Data Source Factory that
declared itself as supporting XA. I don't recall the details of exactly why
I had to do this  - it was 5 years ago and past me decided not to comment
this.

I'm using Karaf 4.1.1 & Java 8. The PAX data source is provided to JPA via
persistence.xml via the jta-data-source element & a JNDI lookup.

Anyway - try making your DS XA and see if that changes anything.

On Wed, 28 Jun 2023 at 18:59, Ash Williams  wrote:

> Hi,
>
>
>
> We have an issue where sql statements executed by hibernate are being
> immediately committed, despite the fact that the entity manager is managed
> by a (local) transaction. It's my understanding that hibernate and the
> transaction manager should together ensure that auto commit is disabled on
> the obtained connection. My environment is Karaf 4.4.3 on Java 8 and
> hibernate 5.6.7.
>
>
>
> # Here is the persistence.xml file:
>
>
>
> 
>
>   
>
> 
>
>
>
> # Here is a self-contained class that demonstrates the problem:
>
>
>
> import java.io.IOException;
> import java.sql.SQLException;
> import java.util.HashMap;
> import java.util.Map;
> import java.util.Properties;
>
> import javax.persistence.EntityManager;
> import javax.persistence.Query;
> import javax.sql.DataSource;
>
> import org.apache.commons.lang3.RandomStringUtils;
> import org.osgi.service.component.annotations.Activate;
> import org.osgi.service.component.annotations.Component;
> import org.osgi.service.component.annotations.Reference;
> import org.osgi.service.jdbc.DataSourceFactory;
> import org.osgi.service.jpa.EntityManagerFactoryBuilder;
> import org.osgi.service.transaction.control.TransactionControl;
> import org.osgi.service.transaction.control.jdbc.JDBCConnectionProviderFactory;
> import org.osgi.service.transaction.control.jpa.JPAEntityManagerProvider;
> import org.osgi.service.transaction.control.jpa.JPAEntityManagerProviderFactory;
>
> @Component(immediate = true)
> public class AcmeTest {
>
>     @Activate
>     public AcmeTest(
>
>             @Reference(target = "(osgi.unit.name=acme.pu)")
>             EntityManagerFactoryBuilder emfb,
>
>             @Reference(target = "(&(osgi.jdbc.driver.name=oracle)(osgi.jdbc.driver.class=oracle.jdbc.OracleDriver))")
>             DataSourceFactory dsf,
>
>             @Reference(target = "(osgi.local.enabled=true)")
>             JPAEntityManagerProviderFactory providerFactory,
>
>             @Reference(target = "(osgi.local.enabled=true)")
>             TransactionControl txControl
>
>     ) throws IOException, SQLException {
>
>         // create datasource from factory
>
>         Properties dsfProps = new Properties();
>         dsfProps.put("user", "xxx-withheld-xxx");
>         dsfProps.put("password", "xxx-withheld-xxx");
>         dsfProps.put("url", "xxx-withheld-xxx");
>
>         DataSource datasource = dsf.createDataSource(dsfProps);
>
>         // create jpa entity manager provider from datasource and pool props
>
>         Map<String, Object> jpaProperties = new HashMap<>();
>         jpaProperties.put("javax.persistence.dataSource", datasource);
>         jpaProperties.put("hibernate.dialect", "org.hibernate.dialect.Oracle10gDialect");
>
>         Map<String, Object> resourceProviderProperties = new HashMap<>();
>         resourceProviderProperties.put(JDBCConnectionProviderFactory.CONNECTION_POOLING_ENABLED, false);
>
>         JPAEntityManagerProvider provider =
>                 providerFactory.getProviderFor(emfb, jpaProperties, resourceProviderProperties);
>
>         // test it out by updating a test_column to a random string
>
>         EntityManager entityManager = provider.getResource(txControl);
>         txControl.required(() -> {
>
>             String newValue = RandomStringUtils.random(10, true, false);
>
>             Query query = entityManager.createNativeQuery("update test_table set test_column = ? where test_name = 'test'");
>             query.setParameter(1, newValue);
>
>             query.executeUpdate();
>
>             // ***
>             // CONNECTION HAS BEEN COMMITTED SINCE WE CAN SEE UPDATED VALUE OF
>             // TEST_COLUMN IN THE DATABASE WHILST WE ARE STILL IN THIS LAMBDA
>             // ***
>
>             return null;
>
>         });
>
>     }
>
> }
>
>
>
> # This information about the transaction services running on the platform
> might be important:
>
>
>
> admin@root()> bundle:services -p 281
>
>
>
> pax-transx-tm-geronimo (281) provides:
>
>