[jira] [Created] (AMQ-7099) After upgrading activemq 5.5.1 to activemq 5.13.1, issues with java.security.Security.insertProviderAt/org.apache.activemq.broker.BrokerService

[sunil kumar (JIRA)]

sunil kumar created AMQ-7099:
--------------------------------

             Summary: After upgrading activemq 5.5.1 to activemq 5.13.1, issues 
with  
java.security.Security.insertProviderAt/org.apache.activemq.broker.BrokerService
                 Key: AMQ-7099
                 URL: https://issues.apache.org/jira/browse/AMQ-7099
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.13.1
         Environment: OS: All platforms 

Products involved are :

WAS 8.5.5.9 - 8.5.5.14

LDAP/Active directory

JazzSM(DASH) 3.1.3 CP5 -CP7
            Reporter: sunil kumar


We upgraded activemq 5.5.1 to activemq 5.13.1 to over come the security 
vulnerable to CVE-2015-5254 and CVE-2014-3612. for ref: here are the links for 
each CVE: 
http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2
 
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2

 

After upgrading we hit with following issues while getting LDAP user 
informations .

Following are the stack trace :

*16:06:07.353 0x33fb300 j9trc_aux.0 - jstacktrace:*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [1] 
java.security.Security.insertProviderAt (Security.java:369)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [2] 
org.apache.activemq.broker.BrokerService.<clinit> (BrokerService.java:275)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [3] 
com.ibm.tivoli.rest.event.amq.AMQPropertiesBrokerFactory.createBroker 
(AMQPropertiesBrokerFactory.java:30)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [4] 
org.apache.activemq.broker.BrokerFactory.createBroker (BrokerFactory.java:71)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [5] 
org.apache.activemq.broker.BrokerFactory.createBroker (BrokerFactory.java:54)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [6] 
com.ibm.tivoli.rest.event.amq.AMQEventRouterFactory.startBroker 
(AMQEventRouterFactory.java:430)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [7] 
com.ibm.tivoli.rest.event.amq.AMQEventRouterFactory.start 
(AMQEventRouterFactory.java:151)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [8] 
com.ibm.tivoli.rest.event.EventRouterFactory.getInstance 
(EventRouterFactory.java:43)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [9] 
com.ibm.tivoli.rest.amq.AjaxServlet.<init> (AjaxServlet.java:59)*
*16:06:07.353 0x33fb300 j9trc_aux.1 - [10] 
java.lang.J9VMInternals.newInstanceImpl (Native Method)*
16:06:07.353 0x33fb300 j9trc_aux.1 - [11] java.lang.Class.newInstance 
(Class.java:1843) (Compiled Code)
16:06:07.353 0x33fb300 j9trc_aux.1 - [12] java.beans.Beans.instantiate 
(Beans.java:240)
16:06:07.353 0x33fb300 j9trc_aux.1 - [13] java.beans.Beans.instantiate 
(Beans.java:88)
16:06:07.353 0x33fb300 j9trc_aux.1 - [14] 
com.ibm.ws.webcontainer.servlet.ServletWrapper$1.run (ServletWrapper.java:1489)
16:06:07.353 0x33fb300 j9trc_aux.1 - [15] 
com.ibm.ws.security.util.AccessController.doPrivileged 
(AccessController.java:118) (Compiled Code)
16:06:07.353 0x33fb300 j9trc_aux.1 - [16] 
com.ibm.ws.webcontainer.servlet.ServletWrapper.loadServlet 
(ServletWrapper.java:1478)
16:06:07.353 0x33fb300 j9trc_aux.1 - [17] 
com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck 
(ServletWrapper.java:1357)
16:06:07.353 0x33fb300 j9trc_aux.1 - [18] 
com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions (WebApp.java:642)
16:06:07.353 0x33fb300 j9trc_aux.1 - [19] 
com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally 
(WebApp.java:608)
16:06:07.353 0x33fb300 j9trc_aux.1 - [20] 
com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize (WebAppImpl.java:426)
16:06:07.353 0x33fb300 j9trc_aux.1 - [21] 
com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication 
(WebGroupImpl.java:88)
16:06:07.353 0x33fb300 j9trc_aux.1 - [22] 
com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication 
(VirtualHostImpl.java:171)
16:06:07.353 0x33fb300 j9trc_aux.1 - [23] 
com.ibm.ws.webcontainer.WSWebContainer.addWebApp (WSWebContainer.java:904)
16:06:07.353 0x33fb300 j9trc_aux.1 - [24] 
com.ibm.ws.webcontainer.WSWebContainer.addWebApplication 
(WSWebContainer.java:789)
16:06:07.353 0x33fb300 j9trc_aux.1 - [25] 
com.ibm.ws.webcontainer.component.WebContainerImpl.install 
(WebContainerImpl.java:427)
16:06:07.353 0x33fb300 j9trc_aux.1 - [26] 
com.ibm.ws.webcontainer.component.WebContainerImpl.start 
(WebContainerImpl.java:719)
16:06:07.353 0x33fb300 j9trc_aux.1 - [27] 
com.ibm.ws.runtime.component.ApplicationMgrImpl.start 
(ApplicationMgrImpl.java:1211)
16:06:07.353 0x33fb300 j9trc_aux.1 - [28] 
com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart 
(DeployedApplicationImpl.java:1450)
16:06:07.353 0x33fb300 j9trc_aux.1 - [29] 
com.ibm.ws.runtime.component.DeployedModuleImpl.start 
(DeployedModuleImpl.java:639)
16:06:07.353 0x33fb300 j9trc_aux.1 - [30] 
com.ibm.ws.runtime.component.DeployedApplicationImpl.start 
(DeployedApplicationImpl.java:1032)
16:06:07.353 0x33fb300 j9trc_aux.1 - [31] 
com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication 
(ApplicationMgrImpl.java:795)
16:06:07.353 0x33fb300 j9trc_aux.1 - [32] 
com.ibm.ws.runtime.component.ApplicationMgrImpl$5.run 
(ApplicationMgrImpl.java:2279)
16:06:07.353 0x33fb300 j9trc_aux.1 - [33] 
com.ibm.ws.security.auth.ContextManagerImpl.runAs (ContextManagerImpl.java:5572)
16:06:07.353 0x33fb300 j9trc_aux.1 - [34] 
com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem 
(ContextManagerImpl.java:5698)
16:06:07.353 0x33fb300 j9trc_aux.1 - [35] 
com.ibm.ws.security.core.SecurityContext.runAsSystem (SecurityContext.java:255)
16:06:07.353 0x33fb300 j9trc_aux.1 - [36] 
com.ibm.ws.runtime.component.ApplicationMgrImpl.start 
(ApplicationMgrImpl.java:2284)
16:06:07.353 0x33fb300 j9trc_aux.1 - [37] 
com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start 
(CompositionUnitMgrImpl.java:436)
16:06:07.353 0x33fb300 j9trc_aux.1 - [38] 
com.ibm.ws.runtime.component.CompositionUnitImpl.start 
(CompositionUnitImpl.java:123)
16:06:07.353 0x33fb300 j9trc_aux.1 - [39] 
com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start 
(CompositionUnitMgrImpl.java:379)
16:06:07.353 0x33fb300 j9trc_aux.1 - [40] 
com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500 
(CompositionUnitMgrImpl.java:127)
16:06:07.353 0x33fb300 j9trc_aux.1 - [41] 
com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run 
(CompositionUnitMgrImpl.java:985)
16:06:07.353 0x33fb300 j9trc_aux.1 - [42] 
com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run 
(WsComponentImpl.java:524)
16:06:07.353 0x33fb300 j9trc_aux.1 - [43] com.ibm.ws.util.ThreadPool$Worker.run 
(ThreadPool.java:1892)
16:06:07.353 0x33fb300 mt.9 < 
java/security/Security.insertProviderAt(Ljava/security/Provider;I)I bytecode 
static method

 

If we rollback to old ActiveMq Jars(i.e 5.5.1) its working fine. 

Please help us in identifying and fixing this issue.

Products involved are :

WAS 8.5.5.9 - 8.5.5.14

LDAP/Active directory

JazzSM(DASH) 3.1.3 CP5 -CP7

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)