Patching
BZ#1110117 - Querying patching MBeans during shutdown results in IllegalStateExceptionAn attempt to query the patch status of a JBoss EAP instance could previously result in an IllegalStateException error being thrown. The root cause of this error was that the InstallationManagerService was not available as it had already been shut down. This issue has now been resolved by first checking if the InstallationManagerService is available and if so, the query proceeds.
See //bugzilla.redhat.com/show_bug.cgi?id=1110117
EJB
BZ#1172856 - Server side EJB Handler not compression responseWhen using EJB compression in previous versions of JBoss EAP 6, the client was sending a compressed request, but the server was sending an uncompressed response, even though it was configured to return a compressed response.
In this release, the server will respond with a compressed response as it should.
See //bugzilla.redhat.com/show_bug.cgi?id=1172856
BZ#1118432 - java.util.concurrent.RejectedExecutionException if a remote-naming InitialContext should be closedIf remote naming is used to lookup an EJB it creates an ejb-client context. If the remote naming context object was closed when done, the client logged the error shown below, because the ejb-client context was already shut down and it tried to do so again. The underlying cause of this error has been resolved by checking the ejb-client context before being closed.
ERROR [org.jboss.remoting.handler-errors] Close handler threw an exception: java.util.concurrent.RejectedExecutionExceptionSee //bugzilla.redhat.com/show_bug.cgi?id=1118432
BZ#1156620 - Memory leak on undeploy & too many channels caused by ejb client not disassociatingThis release of JBoss EAP 6 fixes a memory leak caused by an application deployed that is using jboss-ejb-client.xml to configure remote EJB clients connections.
This fix also resolves another issue wherein scoped context was used and too many channels occurred (as a result of channels not being closed until all channels to a given host are closed). The channel is now closed when Context.close() is called, even if other channels are open to the same host.
See //bugzilla.redhat.com/show_bug.cgi?id=1156620
BZ#1088463 - If large parameters are given to an EJB method invocation the client show a EJBCLIENT000032 Exception - the OutOfMemoryError is swallowedIn the previous version of JBoss EAP 6, when a large value is passed in a parameter for EJB invocation, the channel crashed and the out of memory error was not displayed on the server. On the ejb-client, an exception indictating the error occurred during the unmarshalling of some parameter with a possible OOM cause is displayed. This issue is now fixed in the current version of JBoss EAP 6. When a large value is passed in a parameter for EJB invocation, an out of memory exception is displayed on the server and a hint is displayed on the client side.
See //bugzilla.redhat.com/show_bug.cgi?id=1088463
CDI/Weld
BZ#1159570 - CDI injected topic does not workIn previous versions of JBoss EAP 6, the injection of a JMS Topic into a CDI bean failed with the following error:
javax.jms.InvalidDestinationException: Not a HornetQ Destination:HornetQTopic[EventTopic] @javax.inject.Inject private javax.jms.Topic topicIn this release, the injection succeeds without error.
See //bugzilla.redhat.com/show_bug.cgi?id=1159570
BZ#1166133 - Bean proxy class has non-varargs method for original varargs methodIn previous versions of EAP, varargs methods were misrepresented in bean proxies as non-varargs methods with an array argument. This caused problems in frameworks which depend on reflection.
The issue was resolved by adding the missing vararg flag in bytecode of the proxied method. As a result, vararg methods are now represented correctly in bean proxies.
See //bugzilla.redhat.com/show_bug.cgi?id=1166133
BZ#1146853 - Proxy naming conflict when using static nested classes with the same name and packageIn previous versions of EAP if two static nested classes with equal names enclosed by different classes were used as beans, Weld generated proxies with equal class names for both such beans and ClassCastException were thrown when such beans were used.
This was fixed by amending the proxy class name generation procedure to include the name of the enclosing class. Two static nested classes can now have the same simple class name even when enclosed by two different classes in the same package.
See //bugzilla.redhat.com/show_bug.cgi?id=1146853
BZ#1054876 - Proxy creation fails when a superclass does not have a no-arg constructorPrevious versions of JBoss EAP included an implementation of Weld that performed an unnecessarily strict check that constructors of all superclasses have public no-arg constructors.
This issue has been resolved in this release. Now only the proxiability of the bean itself is checked, not all supertypes.
See //bugzilla.redhat.com/show_bug.cgi?id=1054876
BZ#1149644 - CDI Interceptor cannot inject EJB session context.In previous versions of JBoss EAP there was an omission in the Weld integration code as a result of which it was not possible to inject an EJB session context into a CDI interceptor.
This was fixed in the integration code by providing the proper EJBContext JNDI location to injection points for all EJB contexts.
See //bugzilla.redhat.com/show_bug.cgi?id=1149644
BZ#1138192 - Package-private members not working on CDI beans in static modulesIn previous versions of JBoss EAP there was a classloading optimization in the Weld integration code which caused an IllegalAccessException to be thrown when any normal-scoped bean from a static module which declared a package-private no-arg constructor got injected into a bean from a deployment.
This was fixed by limiting the optimization and using a static module’s ClassLoader for proxies of classes originating from the given static module.
The IllegalAccessException is no longer thrown for beans with package-private constructors in static modules.
See //bugzilla.redhat.com/show_bug.cgi?id=1138192
BZ#1086555 - Weld - Specialization of generic beans throws inappropriate exceptionIn a previous release of JBoss EAP 6, setting a specialization on a generic bean resulted in a DefinitionException being thrown.
This behavior was not intended as has been addressed in this release. Setting a specialization on a generic bean now operates as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1086555
Domain Management
BZ#1111575 - subnet-match is does not respect 'value' attributePrevious releases of JBoss EAP 6 carried a bug that prevented subnet-match from respecting the value attribute.
In this release of the product, the issue has been resolved and the value attribute works as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1111575
BZ#1159709 - IO error during deployment scanning triggers undeploymentIn previous versions of JBoss EAP 6, FileSystemDeploymentService.scanDirectory() method treated the null return value of File.listFiles() as an empty list rather than an error.
As a result, IO errors occurring during deployment scanning could trigger the un-deployment of applications.
This issue has been addressed and in this release of the product, deployed applications are no longer undeployed if file limit is reached.
See //bugzilla.redhat.com/show_bug.cgi?id=1159709
BZ#1133328 - Runtime updates to outbound LDAP connections not performed on host controller.JBoss EAP 6’s domain management operation handlers can specify if a runtime update should be performed as a result of an update to the model. In previous versions, the operation handler was only requesting runtime updates for outbound LDAP connection definitions if running in a server process.
As a result, changes made to outbound LDAP connections within a host controller process were not leading to immediate runtime updates for that process.
In this release of the product, the affected operation requests runtime updates are applied in all process types and changes made to outbound LDAP connections are reflected immediately for both application server processes and non-application server processes.
See //bugzilla.redhat.com/show_bug.cgi?id=1133328
BZ#1148565 - Management HTTP server closing idle connections prematurely.JBoss EAP’s management HTTP server contains a timeout handler which is intended to terminate idle connections after 5 minutes.
In previous versions of the product the timeout was terminating connections after 30 seconds. Any active SSL sessions were also terminated as a side effect of the connection being terminated. When the client’s web browser reconnected for a subsequent invocation the a fresh SSL session had to be created.
In this release of the product, the idle connection timeout is now set correctly to 5 minutes.
Web browser initiated shut down of keep alive connections can now happen as intended, leaving any underlying SSL sessions intact and allowing the web browser to resume its previous session the next time it connects.
See //bugzilla.redhat.com/show_bug.cgi?id=1148565
BZ#1106393 - Managed server shutdown unexpectedly when timeout during connection request to HCIn a previous version of JBoss EAP 6, after a managed server’s connection to it’s Host Controller failed, it would only make a single re-connection attempt.
This could cause the product to shut down unexpectedly if the re-connection failed.
In this release, connections to the Host Controller are re-tried indefinitely. Server instances no longer shut down due to loss of connection to the Host Controller.
See //bugzilla.redhat.com/show_bug.cgi?id=1106393
BZ#1105677 - Nonexistent ldap group causes authentication to fail in security-realmIn previous release of JBoss EAP 6, a user containing a reference to a non-existent group returned a failure in authentication while performing principal-to-group searches of LDAP to load a user’s group membership information. The user’s authentication was aborted.
In JBoss EAP 6.4, this issue has been fixed by defining a skip-missing-groups attribute as "true" on the principal-to-group configuration, which allows missing groups to be ignored.
See //bugzilla.redhat.com/show_bug.cgi?id=1105677
BZ#1073866 - Adding server-identity=ssl to SecurityRealm throws NPE in 6.3.0.DR2In the previous release of JBoss EAP 6, the runtime updates returned a NullPointerException for the list of services being added, thus making the roll back of services, when needed, very difficult.
In JBoss EAP 6.4, this error is fixed and the list of service references is provided for runtime updates.
See //bugzilla.redhat.com/show_bug.cgi?id=1073866
BZ#1151434 - The outbound-connections element doesn't validate against XSD after removing connectionWithin the management mode, when a new outbound LDAP connection is defined, a resource is instantiated to hold the child ldap connections.
In previous versions of JBoss EAP 6, this resource was not removed after the last child connection is removed.
The behavior was encountered because the XML marshalling saw the outbound ldap connections in the model as being defined, and so wrote the <outbound-connections> element to contain them. As there were no connections in the model this element remained empty, which is invalid according to the schema.
Note: The parser is tolerant to this and this does not prevent a subsequent server start up.
In this release of the product the resource is removed once the last child has been removed and the parser now sees there are no defined outbound connections so an empty <outbound-connections> element is no longer written.
See //bugzilla.redhat.com/show_bug.cgi?id=1151434
BZ#908236 - Defining a secure socket for http management without a security realm results in a NullPointerExceptionIn previous versions of JBoss EAP 6, model validation was not being performed to ensure an HTTP management interface configured to enable SSL also referenced a security realm to obtain its SSLContext.
Without the validation, the SecurityRealm was null, which lead to a NullPointerException.
In this release the time updates are applied to the management model and additional checks are performed to ensure a security realm is associated with the HTTP management interface is SSL is being enabled.
If a user attempts to define a HTTP management interface with SSL but no SecurityRealm an error message is reported instead of the NullPointerException.
See //bugzilla.redhat.com/show_bug.cgi?id=908236
BZ#1129400 - Unable to create resource-adapter using HTTP management interfaceIn previous versions of JBoss EAP 6, the logic in the operation to add a resource-adapter resource required that the target address be represented as a list of elements of DMR ModelType.PROPERTY.
This meant that HTTP-based management clients that used JSON could not reliably create operations using the expected format (as representing the $PROPERTY element in JSON syntax can be problematic).
In this release of JBoss EAP 6, the handler for the resource-adapter add operation has been updated to use standard address parsing code which is more forgiving of formatting differences. As a result, operations that add a resource-adapter using the HTTP interface and JSON similar to the example above now succeed as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1129400
BZ#1133961 - XML parsing mandating the 'force' attribute on username-to-dn even though it has a default value.In JBoss EAP 6, where a username-to-dn element is defined for LDAP based authorization with security realms, the schema describes an optional attribute; force.
In previous versions of the product the parser was implemented to assume this attribute was mandatory.
This caused configurations which were valid according to the schema to be rejected by the parser if the optional attribute was omitted.
In this release the parser has been updated to reflect the fact that the attribute is optional and configurations that omit the force attribute will now be correctly parsed by the parser.
See //bugzilla.redhat.com/show_bug.cgi?id=1133961
BZ#1052821 - Unnecessary DNS lookup when accessing web console with httpsIf a client connects to the server and the SSL session is initiated there is an attempt to resolve the clients host name. If the clients name is an address this involves a DNS look up to attempt to discover the name. This caused performance hit on every connection from a remote client while the DNS lookup is performed, in addition to this if the DNS server is unavailable this can introduce a long delay.
This issue has ben fixed in JBoss EAP 6.4. A DNS lookup is now eliminated on the server when a client attempts to connect and establish a SSL session.
See //bugzilla.redhat.com/show_bug.cgi?id=1052821
Transaction Manager
BZ#1162882 - JBTM-2188 - Some code that writes to the file store is missing PrivilidgedAction blocksIn previous releases of JBoss EAP 6, if Security Manager was enabled then Narayana Transaction Manager could not be allowed read or write from the files of object store managed by FileSystemStore class.
This was because, when the security manager is used, it verifies that the code has permissions to access the file system. This process checks the entire method call chain, meaning there is a chance that some classes do not have permission to access the filesystem.
The fix implemented in this release is to access the file system as a privileged entity (AccessController.doPrivileged()), which reduces the stack to classes that the security manager recognizes as privileged to have file system access.
See //bugzilla.redhat.com/show_bug.cgi?id=1162882
BZ#1133346 - XA Recovery scans can stall JBoss startupIn JBoss EAP 6, transaction recovery operates by asking resources for their view of in-doubt transaction branches using "RecoveryHelpers" provided by other subsystems. When a deployment registers one of these helpers, a lock is taken. The same lock is acquired when recovering a resource.
If the resource is slow to complete a recovery request, then the subsystem deployment (which is waiting for the lock) is similarly delayed.
In this release the contention on the lock is broken and subsystems deploy as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1133346
BZ#1113225 - CMR: TX log does not show participants after crash.In previous releases of JBoss EAP 6, the tooling for reading transaction logs did not expose CMR records.
THis issue has been addressed in this release.
See //bugzilla.redhat.com/show_bug.cgi?id=1113225
BZ#1077156 - Not possible to start XTS transaction on IPv6 with server bound to ::1In a previous release of JBoss EAP 6, it was not possible to start an XST transaction on IPv6 with a server bound to address ::1. This was because this part of the address must be wrapped in square brackets; [::1].
This issue has been resolved by splitting the URL into discrete sections and inserting square brackets as required before it is passed to the XTS core.
Note that if you are using the -b switch in a CLI comment, do not wrap the address portion of the URL in square brackets as this is contrary to the the specification and will prevent Webservices from starting.
See //bugzilla.redhat.com/show_bug.cgi?id=1077156
BZ#1032641 - IllegalStateException from periodic recovery when server is reloaded with XA datasource being definedPrevious versions of JBoss EAP 6 could encounter an IllegalStateException during some transaction recovery operations.
The transaction recovery system operates by querying resources for their view of 'in-doubt' transaction branches. It uses a "RecoveryHelper" which JCA registers to achieve this.
When a resource is removed from the system, the RecoveryHelper is de-registered. In previous versions of the product there was a race condition in the code whereby if the removal happened during a "recovery scan" then the helper was not removed.
This resulted in the possibility that transaction recovery would continue using resources even though they had been removed from the server (which could produce the IllegalStateExceptions).
In this release, if the current recovery scan is using the resource, it waits for it to finish and then remove the helper.
See //bugzilla.redhat.com/show_bug.cgi?id=1032641
BZ#1124861 - Issue with issue recovering AA with CMR, recovers OK but via orphan detectionIn previous releases of JBoss EAP 6, if the server crashed during an XA transaction, the XA resource did not always roll back immediately.
This issue has been corrected by an upgrade of org.jboss.jbossts. Transactions now roll back and logs are cleaned as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1124861
BZ#900289 - Domain management API does not expose JTS orphans from the transaction object storeThe transaction subsystem contained in JBoss EAP 6 maintains a log of pending transactions. This log is exposed to the console user.
In some circumstances a resource has a log of an in-doubt transaction branch for which there is no corresponding top level transaction log (but on disk there is a participant log). Such logs are called "orphans" and by default these were not exposed in previous versions.
As a result, if the transaction subsystem was configured to use JTS then these orphan records were not automatically removed resulting in a leak of available storage space.
In this release, the console user can override the default by setting the transaction subsystem property expose-all-logs to true. Then the console user has the option to manually delete these logs, preventing the leak.
See //bugzilla.redhat.com/show_bug.cgi?id=900289
JMX
BZ#1113242 - RemotingConnector & VersionedConectionFactory need configurable connection, channel & versioned connection timeoutsPrevious versions of JBoss EAP 6 contained several hard-coded JMX connection timeouts. In this release of the product, those intervals can now be configured via a system property or properties passed in when creating the JMXConnectorFactory: JMXConnectorFactory.connect(serviceURL, environment);
The order of priority of these settings is as follows:
The default is 30 seconds.
The Env map property overrides default.
The system property overrides values passed into the env map.
Specific timeout properties:
Channel timeout: org.jboss.remoting-jmx.timeout.channel
Connection timeout: org.jboss.remoting-jmx.timeout.connection
Versioned Connection timeout: org.jboss.remoting-jmx.timeout.versioned.connection
If the org.jboss.remoting-jmx.timeout property is set and the specific property is not set, the generic value will be used instead of the default.
See //bugzilla.redhat.com/show_bug.cgi?id=1113242
In previous versions of JBoss EAP 6, the logic in the facade that exposes management resources as JMX MBeans made an unnecessary duplicate read of child resources. It was possible for this second read to return a null child if the resource was dynamic and could be removed due to non-management action (a resource for a temporary JMS queue added or removed by an application, for example).
As a result, calling remote JMX server methods such as getMBeanCount() by remote clients could intermittently lead to random NullPointerExceptions with a log message similar to the following. [0m[33m18:38:11,612 WARN [org.jboss.remotingjmx.protocol.v2.ServerCommon] (pool-2-thread-12) Unexpected internal error: java.lang.NullPointerException at org.jboss.as.jmx.model.RootResourceIterator.doIterate(RootResourceIterator.java:49)
In this release of the product, the duplicate read of child resources has been removed, with the value from the initial read (which will never be `null`) used. This ensures the NullPointerExceptions no longer occur.
See //bugzilla.redhat.com/show_bug.cgi?id=1185118
Remoting
BZ#1126489 - Marshalling fails on objects that require permissions in their readObjectWith the Java Security manager enabled, the java.security.AccessControlException was thrown when a java.util.Calendar object was passed as an argument or response from an EJB method, even with a java security policy that provides the necessary permissions. This issue has been fixed in this release. The exception is no longer thrown and the marshalling and EJB call succeed.
See //bugzilla.redhat.com/show_bug.cgi?id=1126489
BZ#1161430 - JBoss Marshalling NullPointerException occurs when object being cloned has writeObjectThe JBoss Marshalling NullPointerException used to occur when an object being cloned has writeObject. This issue has been fixed in this release.
See //bugzilla.redhat.com/show_bug.cgi?id=1161430
BZ#1153281 - Excessive logging when a JMS message is receivedThe INFO log event was seen every time a JMS message was sent to the server. This issue has been fixed in this release.
See //bugzilla.redhat.com/show_bug.cgi?id=1153281
Web Console
BZ#1107869 - Web Console errors out and ends the jbossas process completelyWhen JTS is enabled in the `Transactions` section of the web management console, it is necessary to also set the attribute `transactions` to the value `on` in the JacORB subsystem.
In previous JBoss EAP 6 versions the user was not notified about this dependency by the management console.
The behavior has been corrected in this release by adding a validation check to the console.
See //bugzilla.redhat.com/show_bug.cgi?id=1107869
BZ#1026823 - Provide a reliable way to clear "ROLE" headers set by "Run as" dialogIn previous releases of JBoss EAP 6, it was found that when a SuperUser acted on behalf of another user (with the Run As… link), their role was not reset after the action was taken.
This issue has been addressed and users no longer need to close the browser window and re-access the Web Console for roles to be reset.
See //bugzilla.redhat.com/show_bug.cgi?id=1026823
BZ#1017655 - Web services configuration validation errorsIn previous releases of JBoss EAP 6, invalid values for WSDL Host, WSDL Port and WSDL Secure Port under Profiles > Web > Web Services were not rejected by the web console.
This issue has been resolved in this release which honors the validation rules from the management model. Incorrect values are no longer saved.
See //bugzilla.redhat.com/show_bug.cgi?id=1017655
BZ#1029851 - management console - even after cancel the process to upload a deployment file, the content is added to data directoryAn issue present in previous releases of JBoss EAP 6 that caused the upload of files through the Manage Deployments screen to complete, even if the upload was canceled by the user, has been corrected in this release.
The issue presented because older versions of the product allowed users to cancel a file upload operation after the file copy had occurred but before the deployment entry had been added to domain.xml.
In this release of the product, the console workflow has been redesigned to remove the cancel option during the operation, preventing incomplete operations and inconsistent states between saved files and <deployment> entries in domain.xml.
See //bugzilla.redhat.com/show_bug.cgi?id=1029851
Server
BZ#1110635 - Deployment overlay feature does not work if a leading / is present on the overlay pathIn previous release of JBoss EAP 6, adding a deployment overlay prefixed with a '/' did not work.
In JBoss EAP 6.4, this has been fixed. The deployment-overlay works with or with out a leading '/'
deployment-overlay add --name=example-overlay --content=/lib/example.jar=eap6-overlay-example.jar --deployments=example.earSee //bugzilla.redhat.com/show_bug.cgi?id=1110635
Web Services
BZ#1157482 - EJB3 Web Service returns Invalid User on parallel invocationsThe EJB3 Web Service using username token for authentication would fail if it was loaded with parallel invocations. If the EJB3 Web Service was using username token for authentication, it would fail on parallel invocations. This issue has been fixed in this release.
See //bugzilla.redhat.com/show_bug.cgi?id=1157482
BZ#1115214 - CXF-5679, CXF-5724 - WS-S after upgrade fails with org.apache.ws.security.WSSecurityException: The signature or decryption was invalidPrevious versions of JBoss EAP 6 carried a regression that was introduced in Apache CXF 2.7.10 which failed with the error:
org.apache.ws.security.WSSecurityException: The signature or decryption was invalidThis issue has been resolved and signature verification of WS-Security SOAP messages is correctly performed.
See //bugzilla.redhat.com/show_bug.cgi?id=1115214
BZ#1121223 - Ensure EncryptedKey references BinarySecurityToken before itIn previous releases of JBoss EAP 6, CXF placed the BinarySecurityToken referenced by the EncryptedKey element after the EncryptedKey element when the WSS timestamp was not included in the SOAP message.
This could cause receivers that expect the BinarySecurityToken referenced by the EncryptedKey to be above the EncryptedKey element to fail as they had not processed the BinarySecurityToken when attempting to look it up while processing the EncryptedKey element.
This issue has been resolved by moving the BinarySecurityToken higher in the SOAP message. Now EncryptedKey elements always reference BinarySecurityTokens that have already been found while parsing the SOAP message.
See //bugzilla.redhat.com/show_bug.cgi?id=1121223
BZ#1155490 - Memory leak in JBoss WS CXF Client's HandlerChainSortInterceptorIf the JAX-WS client was implemented with one JAX-WS handler, on invoking the service port method indefinitely, it resulted in a memory leak. This issue has been fixed in this release.
See //bugzilla.redhat.com/show_bug.cgi?id=1155490
EE
BZ#1029260 - Cannot use a ear-subdeployments-isolated attribute setting with a jboss-deployment-structure.xmlIf you configure a ear-subdeployments-isolated attribute with jboss-deployment-structure.xml and put under a <EAR>/META-INF directory, the isolation flag was overwritten by the sub-system configuration.
In JBoss EAP 6.4, this issue is fixed. The order of processing has been updated.
See //bugzilla.redhat.com/show_bug.cgi?id=1029260
JPA
BZ#1131711 - HttpManagementService-threads consumes high cpu on org.jboss.as.jpa.hibernate4.management.QueryName.displayable()In the previous version of JBoss EAP 6, HttpManagementService-threads on org.jboss.as.jpa.hibernate4.management.QueryName.displayable() slowed down the performance due to high CPU usage. This was cause due to multiple calls to String.replace(). This issue is fixed in the current version of JBoss EAP 6.
See //bugzilla.redhat.com/show_bug.cgi?id=1131711
BZ#1114726 - JPA entity class enhancement may not work for sub-deployments when other sub-deployments reference the entity classesIn the previous versions of JBoss EAP 6, entity classes in user applications which are expected to be rewritten by the persistence provider during application deployment may not be rewritten. Due to this, when sub-deployments are deployed in parallel and there are references to entity classes in other sub-deployments beyond the deployment that contains the persistence unit, the entity class definition is loaded before it is rewritten by the persistence provider. Thus affecting the performance. This issue is fixed in the current version of JBoss EAP 6.
See //bugzilla.redhat.com/show_bug.cgi?id=1114726
JMS
BZ#1070106 - Generic JMS adapter does not deploy correctly in domain mode.In the previous version of JBoss EAP 6, contextual information was not correctly checked during the add operation. As a result, generic JMS adapter was deployed correctly in domain mode. This issue is now fixed in the current version of JBoss EAP 6. Generic JMS adapter can now be deployed in domain mode.
See //bugzilla.redhat.com/show_bug.cgi?id=1070106
JCA,JMX
BZ#1150821 - JMX Datasource pool & jdbc statistics disappear if you enable validationIn the previous version of JBoss EAP 6, JMX Datasource pool and jdbc statistics may disappear if validation was enabled. This was due to a reference to part of the resource model was held, which became invalid if the model was modified. This issue is fixed in the current version of JBoss EAP 6. The reference to part of the resource model is not longer held across operations.
Result: DataSource statistics do not disappear.
See //bugzilla.redhat.com/show_bug.cgi?id=1150821
Logging
BZ#1096053 - SyslogHandler doesn't handle multi-byte characters correctlyIn previous versions of JBoss EAP 6, using org.jboss.logmanager.handlers.SyslogHandler to log multi-byte characters may result in corrupted output recorded in the log. For example:
Mar 8 17:29:09 UNKNOWN_HOSTNAME java[9896]: SyslogHandler: ????????????This issue has been resolved in this release and now characters are output to the log as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1096053
BZ#1031448 - logging-profile works for a servlet, but doesn't for a JSPIn a previous release of JBoss EAP 6, logging profiles worked as expected for a servlet, but did not work for a JSP; all log messages from a JSP went to the system log context.
This issue presented because the class loader that was checked was org.apache.jasper.servlet.JasperLoader with a parent class loader of the class loader that was registered for the log context.
This issue has been resolved by adding an option to the log manager to recursively check a class loader’s parent for a LogContext.
See //bugzilla.redhat.com/show_bug.cgi?id=1031448
BZ#1071695 - Infinite recursion when exception stack frame class lookup failsThe JBoss LogManager when configured with the %E formatter, prints out where the jar classes are from. If there is a problem loading the class, JBoss Modules prints a warning. In some circumstances, the exception formatter will trigger infinite recursion between the log manager loading a class and modules printing a warning.
This issue has been fixed in JBoss EAP 6.4. The situation no longer triggers infinite recursion and logging.
See //bugzilla.redhat.com/show_bug.cgi?id=1071695
Class Loading
BZ#1155823 - Package certificate SecurityErrors triggered by MODULES-192In previous releases of JBoss EAP 6, the JarFileResourceLoader attempted to retrieve the certificates before rather than after reading the class stream, which resulted in the certificates not being loaded.
This would cause a SecurityError to occur when signed classes were loaded concurrently by multiple threads.
In this release the JarFileResourceLoader retrieves the certificates after reading the class stream and the SecurityError no longer occurs.
See //bugzilla.redhat.com/show_bug.cgi?id=1155823
BZ#1172577 - Include additional sun.jdk dependenciesIn previous versions of JBoss EAP 6 some classes in the JDK were not exposed to the application via the sun.jdk that should have been when using JDK javax.sql.rowset.RowSetProvider and java.lang.invoke.MethodHandleProxies and depending on sun.jdk module.
In this release, applications will find classes in these packages visible when depending on the sun.jdk module:
See //bugzilla.redhat.com/show_bug.cgi?id=1172577
Domain Management,Security
BZ#1150024 - HeaderParser fails to handle delimiters in DigestAuthenticatorPrevious versions of JBoss EAP 6 carried a bug in the Digest authenticator which caused it to not correctly handle escaped delimiters within values contained in the authentication header.
Additionally, the add-user utility was not correctly escaping usernames that contained the 'backslash' character (\).
As a result, valid authentication requests were being incorrectly rejected.
In this release, the parsing of the headers has been re-worked within the Digest authentication mechanism and the add-user utility now correctly escapes the 'backslash' character in usernames allowing authentication to occur as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1150024
BZ#1153854 - Management Interface: SSL configuration does not allow disabling protocolsIn previous versions of JBoss EAP 6, it was found that while it was possible to specify the protocol to request when creating the SSLContext when configuring security realms to supply a SSLContext it was not possible to specify the protocols or cipher suites to be supported on the underlying SSLEngine.
This meant that it was not possible to select a strong set of protocols and cipher suites to be used for SSL connections.
In this release users are now able to specify a set of enabled protocols and cipher suites within the security realm definition. These will be matched against the supported protocols and cipher suites to configure the underlying SSLEngine.
In addition, the enabled protocols will be TLSv1, TLSv1.1 and TLSv1.2 by default if no configuration is specified. SSLv3 and earlier is no longer enabled by default and it is possible for the protocols and cipher suites to be configured further.
See //bugzilla.redhat.com/show_bug.cgi?id=1153854
Clustering
BZ#993041 - RuntimeException in org.jboss.as.web.session.ClusteredSession.accessPrevious versions of JBoss EAP 6, when a distributed web session was being accessed while another node was abruptly leaving the cluster, a lock acquisition could, in some instances, fail. When this occurred it resulted in the following exception:
RuntimeException: JBAS018060: Exception acquiring ownership of <session-id>The root cause of this issue was that the lock acquisition did not take into account that a cluster node might leave the cluster at exactly the same time, resulting in the lock acquisition failure.
This issue has been addressed and the exception no longer presents.
See //bugzilla.redhat.com/show_bug.cgi?id=993041
Security
BZ#1150020 - add-user utility doesn't escape names correctlyJBoss EAP 6’s add user utility iterates the value being used as the key in a properties file and escapes all occurrences of special characters.
In previous versions of the product, an error in how the characters were checked caused only the first instance of the 'equals' character (=) to be escaped. If a username contained a subsequent 'equals' character, it was not properly escaped, causing the generated properties file to be unusable.
In this release, the special character handling is now corrected to handle all occurrences of the 'equals' character and usernames containing more than one are correctly written to the properties file.
See //bugzilla.redhat.com/show_bug.cgi?id=1150020
BZ#979369 - Different behaviors of HttpSession creation with programmatic login()In the previous versions of JBoss EAP 6, the behavior of HttpSession creation differs when used together with a following programmatic login:
Without SSO: session is not created while calling the login() method. Thus, subsequent requests are unauthenticated
With non-clustered SSO: session is created while calling the login() method, but the first call does not set the authentication status. The subsequent requests are unauthenticated and the user is authenticated after the second call of login() method, because the session is already present.
With clustered SSO: session is created while login() method and subsequent requests are authenticated
This issue is fixed in the current version of JBoss EAP 6. The org.apache.catalina.authenticator.AuthenticatorBase.ALWAYS_USE_SESSION class has a new option to always create a session.
See //bugzilla.redhat.com/show_bug.cgi?id=979369
BZ#949737 - Session replication broken by NegotiationAuthenticator valvePrevious versions of JBoss EAP 6 did not include an option to define global authentication mechanisms as there was in JBoss EAP 5. To overcome this limitation the advice for enabling SPNEGO authentication was to manually add the Valve to the jboss-web.xml of the affected deployment.
The consequence of this was that the valve was invoked much earlier in the call and preceded the valve responsible for clustering. This meant that the JBoss Negotiation valve created a new HTTP session and the clustering valve did not receive any notifications regarding the life-cycle of the sessions. As the clustering valve was not receiving the notification it needed the session was not clustered and replication was affected.
This release of JBoss EAP 6 now supports defining authentication mechanisms globally. This approach deprecates adding the valve manually to the web application’s jboss-web.xml.
The SPNEGO authentication valve will now be called after the clustering valve so that the clustering valve will receive the required notifications relating to session life-cycle and will replicate the session correctly.
See //bugzilla.redhat.com/show_bug.cgi?id=949737
Domain Management,IPv6 support
BZ#1149612 - User is able to use any-ipv6-address interface on IPv4 environmentIn previous version s of JBoss EAP 6, the logic for checking for, and rejecting, the combination of an any-ipv6-address configuration for an interface and the java.net.preferIPv4Stack=true system property was done when installing the network interface service rather than waiting until the service was starting.
As a result, the check could run on host controller processes that did not need the interface service, resulting in spurious failures if the server process that would actually use the interface configuration did not have java.net.preferIPv4Stack=true set.
In this release, the consistency check is been deferred until the interface service is started, ensuring it only occurs if the service is actually in use on that process.
Now a server that does not have java.net.preferIPv4Stack=true set can use any-ipv6-address in the configuration of one of its interfaces even if the domain controller or its own host controller does have java.net.preferIPv4Stack=true set.
See //bugzilla.redhat.com/show_bug.cgi?id=1149612
mod_cluster
BZ#1083563 - Mod_cluster draining pending requests coud fail since deployments are missing dependency on mod_cluster service (seen on JDK8)The mod_cluster subsystem was draining and this would fail pending requests. This issue has been fixed in this release.
See //bugzilla.redhat.com/show_bug.cgi?id=1083563
BZ#1044879 - If "Balancer name includes" uppercase letter in name then mod_cluster will not maintain sticky sessionsIn a previous release of JBoss EAP 6, the modcluster module did not maintain sticky sessions if a load balancer’s name included upper-case letters.
This issue has been corrected in this release by making the validation of load-balancer names case-insensitive.
See //bugzilla.redhat.com/show_bug.cgi?id=1044879
RESTEasy
BZ#1090487 - Resteasy secure processing to be turn on by default to apply entity expansion limitTwo new RESTEasy parameters have been created to improve security in processing org.w3c.dom.Document documents. Both are context-param parameters and configured in the web.xml configuration file of the application.
Name: resteasy.document.secure.processing.feature Default value: true Description: Impose security constraints in processing org.w3c.dom.Document documents and JAXB object representations
Name: resteasy.document.secure.disableDTDs Default value: true Description: Prohibit DTDs in org.w3c.dom.Document documents and JAXB object representations
Note that Xerces 2.9.1.redhat-6 included in EAP 6.4.0 doesn’t support Max attributes limit.
See //bugzilla.redhat.com/show_bug.cgi?id=1090487
BZ#1088956 - MalformedByteSequenceException in Namespace test on WindowsIn a previous release of JBoss EAP 6, when encoding was not specified in the body of a client request, RESTeasy returned a response in the encoding of the server, not in the encoding of the original request.
This issue has been resolved in this release by setting UTF-8 as the default encoding if no encoding is requested by the client.
See //bugzilla.redhat.com/show_bug.cgi?id=1088956
BZ#899666 - RESTEasy: Empty cfg. param javax.ws.rs.Application produces exceptionThe RESTEasy component shipped with previous versions of JBoss EAP 6 threw an java.lang.StringIndexOutOfBoundsException: String index out of range: 0 error when the javax.ws.rs.Application configuration option in the WEB-INF/web.xml file was left empty.
The issue has been corrected in this release with an upgrade to the RESTeasy component.
See //bugzilla.redhat.com/show_bug.cgi?id=899666
Installer
BZ#977805 - Starting JBoss Administration Console from start menu is not working on SolarisDue to a gvfs-open issue on Solaris, start menu shortcuts for the Administration Console on Solaris do not work for a JBoss EAP 6 instance that has been installed using the installer.
From JBoss EAP 6.4 and onwards, start menu shortcuts for the Administration Console will not be created for JBoss EAP 6 instances that have been installed using the installer on Solaris.
See //bugzilla.redhat.com/show_bug.cgi?id=977805
BZ#1032892 - Unable to use tab filling for path starting with a drive letter on windows.In previous versions of JBoss EAP 6, tab completion for directory paths which start with a drive letter was not working in the console installer of JBoss EAP 6 on Microsoft Windows Server.
When entering a path which starts with a drive letter, for example `C:\`, and pressing the +Tab+ key, nothing was shown. In this situation, it is expected that it will show the contents of that directory.
This issue has been fixed in this release and tab-completion works as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1032892
CDI/Weld,Transaction Manager
BZ#1098127 - "Failure while notifying an observer of event" in CDI transactional observer methods with remote EJB call using JTSIn previous versions of JBoss EAP 6, firing a CDI event from a remote EJB client using JTS transactions resulted in a failure in invocation of transactional observers on the server.
This was fixed by correcting the JNDI namespace selection for transaction synchronization callbacks in the Weld integration code.
Transactional observers are now properly invoked in distributed transaction scenarios.
See //bugzilla.redhat.com/show_bug.cgi?id=1098127
Naming
BZ#1131626 - ERROR: remote lookup Channel end notification received, closing channel Channel ID is seen when looking up a remote queueIn previous versions of JBoss EAP 6, an error could be encountered when performing a lookup on a remote queue from within an EJB, even though the operation executed successfully.
An upgrade to the jboss-remote-naming has resolved this issue.
See //bugzilla.redhat.com/show_bug.cgi?id=1131626
Domain Management,Testsuite
BZ#1078062 - ManagementClientContentTestCase is sometimes fails (different JDK dor master and slave)In previous release of JBoss EAP 6, map used in the storage mechanism for management-client-content returned different values of the 'hash' attribute for the management-client-content=rollout-plans resource on different processes in a domain.
In JBoss EAP 6.4, this error is fixed by updating the map with consistent ordering used for storing management-client-content. The 'hash' attribute for the management-client-content=rollout-plans resource returns the same value on all processes in a domain.
See //bugzilla.redhat.com/show_bug.cgi?id=1078062
JCA
BZ#1107120 - Failures when deploying MySQL JDBC driver to EAP 6.xA previous release of JBoss EAP 6 carried a bug that prevented the MySQL JDBC driver being depoyed under certain circumstances.
The deployment would fail, informing the user that the deployment already existed. Any attempt to remove an existing deployment also failed.
This issue has been resolved and the driver deploys as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1107120
Web Console - UX
BZ#1016546 - RBAC: Unclear error message when trying to configure Auditor role as AdministratorIn previous releases of JBoss EAP 6, if a user attempted to perform an operation which they did not have permission to execute, they would receive the following error message:
You don't have the permissions to access this resource!
This message could be confusing to users as they were attempting to perform an operation, not attempting to access a resource. This error text has been clarified and now reads:
You don't have the permissions to perform this operation!
See //bugzilla.redhat.com/show_bug.cgi?id=1016546
Security,Web
BZ#952518 - run-as does not work for Servlet init() and destroy() methodsPrevious versions of JBoss EAP 6 carried an issue where the run-as identity was not being used for Servlet.init(), which was contrary to the Java Servlet 2.4 specification.
This was caused by the RunAsListener not existing in JBoss EAP 6 as it had previously in JBoss EAP 5.
This issue has been addressed in this release and the product now adheres to the specification in this regard.
See //bugzilla.redhat.com/show_bug.cgi?id=952518
Scripts and Commands,Security
BZ#901193 - add-user check is not i18n, while prompt isThe add-user utility in JBoss EAP 6 prompts users to confirm the action they are about to take based on the current locale. Where user input was being compared with the different translations, the user input was being converted to lower case whilst the translated value was not.
This meant the add-user utility was not able to identify which option the user had selected due to the difference in case for comparison and was reporting an error to the user to tell them they had not selected a valid value.
In this release both the user’s input and the translated values being compared are converted to lower case before comparison. Internationalized responses are now correctly accepted for the confirmation dialogues within the add-user utility.
See //bugzilla.redhat.com/show_bug.cgi?id=901193
IPv6 support
BZ#900564 - Wrong format of IPv6 addresses in log entriesLogged IPv6 addresses in previous releases of JBoss EAP 6, were not wrapped in square brackets as required. In this release, the handling of IPv6 addresses has been addressed and they are bracketed in logs as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=900564
Apache Server (httpd) and Connectors
BZ#1188769 - snmpd.conf isn't loaded on Windows except it is in confIt was found that the SNMPConf configuration settings were ignored in previous versions of JBoss EAP 6 installed on Windows systems, causing the agent to start on port 161.
In this release, the snmpd.conf.sample configuration has been added to etc/httpd/conf and is honored as expected.
See //bugzilla.redhat.com/show_bug.cgi?id=1188769
PicketLink
BZ#1170792 - SAML11TokenProvider and SAML20TokenProvider do not take CLOCK_SKEW into accountIn previous versions of JBoss EAP 6, the `SAML11TokenProvider` and `SAML20TokenProvider` did not take the `CLOCK_SKEW` attribute into account when validating the tokens.
As a result, if the clock on the validating host and the STS are not synchronized, authentication could fail.
In this release, the `SAML11TokenProvider` and `SAML20TokenProvider` have been modified to honor the `CLOCK_SKEW` during token validation. The clocks on the validating host and STS can be misaligned within the `CLOCK_SKEW` limit and authentication will succeed.
See //bugzilla.redhat.com/show_bug.cgi?id=1170792
CLI
BZ#1139515 - cli deploy command with unpaired quotation mark causes StringIndexOutOfBoundsExceptionWhen running previous versions of Jboss EAP 6 on Windows, using jboss-cli.bat to deploy an application would throw an exception when trying to tab complete an open quote (").
Attempting this action would result in the following error:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1In this release, the exception will not occur.
See //bugzilla.redhat.com/show_bug.cgi?id=1139515
Hibernate
BZ#1132207 - HHH-9389 Foreign key column name for table mapping @ElementCollection uses entity class name instead of specified entity nameIn previous releases of JBoss EAP 6, the name attribute for @Entity(name="...") is ignored in computing the prefix for foreign key columns used to join the entity table to tables mapping @ElementCollection properties
As a result, the computed foreign key prefix is the entity class name rather than the name supplied in the @Entity annotation
In this release, the @Entity annotation name property is used to compute the foreign key name prefix. For example, the ``@Entity(name="prod")` public class Product will result in a computed foreign key (for the @ElementCollection table) with the prefix 'prod' rather than 'Product'.
See //bugzilla.redhat.com/show_bug.cgi?id=1132207
RPM
BZ#1124516 - File snmpd.conf.sample is missing in rpmThe 'httpd/conf.d/snmpd/snmpd.conf.sample' file was missing from the following versions of the 'mod_snmp' RPMs:
mod_snmp-2.4.1-7.GA.ep6.el5.i386.rpm
mod_snmp-2.4.1-7.GA.ep6.el5.x86_64.rpm
mod_snmp-2.4.1-8.GA.ep6.el6.i386.rpm
mod_snmp-2.4.1-8.GA.ep6.el6.x86_64.rpm
mod_snmp-2.4.1-9.GA.ep6.el7.x86_64.rpm
This issue has been resolved in this release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1124516
Table 1. Other Resolved Issues
| BZ#1187027: Deprecation of :enable / :disable operations for datasources |
| BZ#1168836: Back port of JBTM-2279 in to JBoss EAP 6.4 |
| BZ#1152477: Annotation @RolesAllowed doesn't work for generic types in EJBs |
| BZ#1151526: SAAJ SOAPConnection doesn't return SoapFault for HTTP 400 |
| BZ#1148728: Property substitution for username in remote-outbound-connection doesn't work |
| BZ#1147715: use JCA XidWrapper only if needed |
| BZ#1139102: The node-identifier default value uses invalid dash char '-' |
| BZ#1138595: Can't get implementing classname for JSR77 MBean |
| BZ#1132207: Foreign key column name for table mapping @ElementCollection uses entity class name instead of specified entity name |
| BZ#1127999: JBOSS JSP class loading problem due to case insensitivity |
| BZ#1127329: Invalid boolean values are set to 'false' instead of null |
| BZ#1127318: JAXB Unmarshaller sets the incorrect element as nil |
| BZ#1104691: Hosted page is not served properly (jsp headers not taken into account, served as text) |
| BZ#1103735: Classloader leak in JBossCachedAuthenticationManager |
| BZ#1098074: AccountIDPMapProvider parameter of AccountChooserValve is ignored |
| BZ#1085500: JBoss Negotiation should fallback to form authentication instead of returning 401 |
| BZ#1064217: SAML Assertion parsing - empty AttributeValue raises exception |
| BZ#1062104: JAAS login module's logout() method is not invoked with cache-type="infinispan" |
| BZ#1062101: JAAS login module's logout() method is not invoked removing cache-type |
| BZ#1057835: JBoss EAP6 is not able to parse ejb-jar.xml of version 2.0 |
| BZ#1054556: AuditProvider mentions "[Success]" even if username/password is invalid |
| BZ#1024239: Strange behaviour of connection-properties=hoge:remove, :disable and :remove of a datasource |
| BZ#1018026: Fail to remove the content file from the domain/servers/serverName/data/content folder when undeploying application from a stopped server |
| BZ#900984: Setting transaction timeout on UserTransaction leaks to the thread and doesn't get cleared |
| BZ#1149020: EJB Compression missing Server Side Handler |
| BZ#1090406: Server fails to start when transactions subsystem attribute process-id-uuid is set to false |
| BZ#1080140: JTS transaction log record type PREPARED is not changed to HEURISTIC after connection to db is restored |
| BZ#1080035: Inconsistency for recovery when db connection fails for Oracle database when running on JTS |
| BZ#1001909: Last resources is not committed prior to other resources |
| BZ#1188643: PicketLink throws java.lang.RuntimeException: PLFED000092: Null Value: Destination is null |
| BZ#1188642: SAML11TokenProvider and SAML20TokenProvider do not take CLOCK_SKEW into account |
| BZ#1187026: Deprecation of -ds.xml deployments |
| BZ#1172419: EAP6 unable to use ports > 32767 |
| BZ#1171863: Backport WFLY-4140: In some case :activate on resource-adapter fails if id != archive_name |
| BZ#1170359: InitialContext re-wrapping specific NamingExceptions with more generic NamingException |
| BZ#1163646: Setting "org.jboss.as.jaxrs.enableSpringIntegration" to "true" causes JaxrsSpringProcessor to throw NullPointerException |
| BZ#1158498: Cannot enable NamingStrategyDelegator implementations using entity manager |
| BZ#1155815: Array of size 0 causes java.lang.ClassCastException |
| BZ#1154936: Add optional fastinfoset dependency in org.apache.cxf |
| BZ#1148603: Hibernate AbstractCollectionPersister method processQueuedOps calls a deprecated method which has negative impact on the performance |
| BZ#1147412: Datasource recreated upon delete or disable if max connections InUse |
| BZ#1140278: Logging application constraints don't allow Deployers to modify logging in web console |
| BZ#1132188: Prefill does not work for the last url in connection-url when HA Datasource failover is enabled |
| BZ#1131691: JBoss Remoting version (unknown) in AS log |
| BZ#1131612: PickletLink IdP Filter eating cookies added to response by other filters |
| BZ#1131225: Fallback to FORM authentication when an invalid kerberos token is used |
| BZ#1130863: Setting some locales causes missing buttons on console and throws errors |
| BZ#1128278: HQL FromElement is not reused in some cases resulting in an additional join |
| BZ#1125004: vault.sh / VaultSession fail when using specific keystore password / salt / iteration count combination |
| BZ#1124086: Vault should throw exception if different alias name is specified to vault |
| BZ#1117364: Setting "Socket Timeout" or "Stop Context Timeout" to 0 in mod_cluster configuration yields "Unknown error" |
| BZ#1115650: jboss-remote-naming thread does not shutdown even if calling "javax.naming.InitialContext#close()" |
| BZ#1192088: - Reserve static gid/uid for jboss user |
JSF
BZ#1096905 - InstantiationException on WeldApplicationFactory when switching to JSF 1.2 in EAP 6.2.JBoss EAP 6 allows users to choose a JSF version for a deployment using descriptors bundled with the deployment.
This, however, currently does not work correctly when the deployment also uses CDI. It is currently not possible to have two different deployments use different versions of JSF if both deployments also use CDI.
When this is attempted, an exception is thrown and the deployment fails with the following error:
java.lang.InstantiationException: org.jboss.as.weld.webtier.jsf.WeldApplicationFactoryThough using JSF 1.2 with CDI is not officially supported, since JSF 1.2 is an EE5 technology and CDI is an EE6 technology, it is still possible to make JSF 1.2 work with CDI for all deployments using the following workaround:
Set 1.2 as the default JSF version in EAP by executing the following command in jboss-cli: /subsystem=jsf/:write-attribute(name=default-jsf-impl-slot,value=1.2)
Configure JSF 1.2 dependency for the Weld module in both /modules/system/layers/base/org/jboss/weld/core/main/module.xml and `/modules/system/layers/base/org/jboss/as/weld/main/module.xml by changing the line <module name="javax.faces.api"/> to <module name="javax.faces.api" slot="1.2" />
See //bugzilla.redhat.com/show_bug.cgi?id=1096905
EJB
BZ#1188420 - EJB Asynchronous pass POJO by reference leading to ClassCastException errors in remote invocationsIn this release of JBoss EAP 6, an Asynchronous EJB call via the EJB's Remote Interface from a client to an EJB running in the same JVM fails with a ClassCastException.
This is because the request/response are not being marshalled as they should and the client andå EJB are not using the same classloader.
This is expected to be resolved in a future release and the request/response will be marshalled as it should since it is a Remote interface call, allowing the client and EJB to use different classloaders and not fail with a ClassCastException.
See //bugzilla.redhat.com/show_bug.cgi?id=1188420
BZ#1020074 - EJB clients do not attempt to reconnect to any receivers until all receivers have failedThis release of JBoss EAP 6 carries an issue in the EJB component.
EJB clients should attempt to reconnect to receivers when they detect a failed connection. Instead the connection attempt is not made until there are no available receivers.
As a result, this makes it ineffective to use this method in a load balancing configuration. The cause of this problem is still under investigation.
See //bugzilla.redhat.com/show_bug.cgi?id=1020074
BZ#952746 - Fix transaction recovery failures involving remote EJB resourceIn this release of JBoss EAP 6, transaction recovery operations can fail if they involve remote EJB resources that may have crashed.
The issue presents because when a connection breaks down between the server and the client (specifically when the client crashes and is restarted); the server and the client will not automatically communicate with each other.
In these scenarios, the server will have no knowledge that the client has started again, effectively meaning that the EJB tx recovery process will not know which EJB nodes to communicate with.
This issue is under investigation and a solution is being developed.
See //bugzilla.redhat.com/show_bug.cgi?id=952746
BZ#1036040 - Calling EJB with "REQUIRES_NEW" transaction attribute creates two transactions.In this release of JBoss EAP 6, an issue in the EJB component causes transaction statistics to show an incorrect number of processed transactions.
This is becuase the CMTTxInterceptor and LifecycleCMTTxInterceptor interceptors create two transactions when handling EJB requests. One is a dummy transaction and other is used for managing resources. This results in the one EJB request being counted twice in statistics.
There is no workaround available at this time.
See //bugzilla.redhat.com/show_bug.cgi?id=1036040
BZ#990102 - Concurrent access timeout -- could not obtain lock within 5000 MILLISECONDSThis release of JBoss EAP 6 carries a bug that could produce a concurrent access timeout when an EJB client invoking a method on a stateful bean in a "forwarding" cluster; this bean forwards the call to stateful beans in a "target" cluster, and then back again. Invocations are serial; the client will not invoke a method on a bean until it got a response to previous invocation. When one of the servers in the cluster is shut down, the error occurs.
See //bugzilla.redhat.com/show_bug.cgi?id=990102
Web
BZ#1076439 - NIO2 Connector is not properly reloaded during reload operation on IBM JDK (IBM JDK 1.7 and 1.8)If this release of JBoss EAP 6 is started on IBM JDK 1.7 or IBM JDK 1.8 and an attempt is made to reload the server, following error message appears in logs.
ERROR [org.apache.coyote.http11.Http11NioProtocol] (MSC service thread 1-6) JBWEB003043: Error initializing endpoint: java.net.BindException: Address already in useThis error is caused by an issue with the IBM JDK which results in the NIO2 connector not reloading properly and the original remaining running. To work around this issue, either use different connector (note that each connector has its own capabilities) or use a different JDK.
This issue is expected to be resolved in a future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1076439
BZ#918130 - JBossWeb connectors start before application deployments are completed in EAP 6A timing issue with JBossWeb connectors on startup has been discovered, in which the connectors start and accept requests before applications are fully deployed.
In these circumstances, client connections via either a load balancer or direct to JBoss EAP are returned a 404 message. This issue affects JBoss EAP versions 6.0.1 and greater.
No workaround is available but the issue is under investigation.
See //bugzilla.redhat.com/show_bug.cgi?id=918130
BZ-1086399 - WebSockets should support CDI as per JSR-356The JBoss EAP 6.4 WebSocket implementation provides full dependency injection support for server endpoints, however, it does not provide CDI services for client endpoints.
CDI support is limited to that required by the EE6 platform, and as a result, EE7 features such as interceptors on endpoints are not supported.
Web Console
BZ#1180206 - Unable to unset wsdl-port and wsdl-secure-port if wrong value is entered firstIt is not possible to change values of WSDL attributes port and secure port back to undefined via console if they already have any value set. Input fields for these attributes currently allows only numeric values and don't handle empty string as undefined.
Workaround: To unset these attributes, use one of the following command in the management CLI:
/subsystem=webservices:undefine-attribute(name=wsdl-port)/subsystem=webservices:undefine-attribute(name=wsdl-secure-port)See //bugzilla.redhat.com/show_bug.cgi?id=1180206
BZ#1014048 - RBAC: Log in right after log out wont clear UI properly in domain modeIn some cases, when logging out of the Web Console, the console is partially rendered before logging in as another user. This leads to "mixed" content where parts of the screen are rendered as if the old user was logged in and parts of the screen as the new user was logged in.
This issue is not a security risk and no sensitive data will be revealed.
As a workaround, close the browser window (not just the active tab) and log in as the new user.
See //bugzilla.redhat.com/show_bug.cgi?id=1014048
BZ#1027586 - RBAC: Web console is too coarse-grained with application resourcesIn this release of JBoss EAP 6, when a resource is defined as an application resource, the console may not reflect that definition. This is because the console often groups several resources under one view. The controls in the views are available if all related resources are writable. If any of these resources is configured as an application resource, however, the related controls will still be disabled.
The current workaround is to, if possible, configure all resource types associated with a subsystem as application resources.
See //bugzilla.redhat.com/show_bug.cgi?id=1027586
JMS
BZ#1033008 - Generic JMS RA is not consistent with the EE spec - it does *not* ignore the parameters when session is created in the transaction contextThis release of JBoss EAP 6 carries the following issue in the JMS component.
When a session is created in a transaction’s context and parameters are passed to the generic JMS resource adapter, a NullPointerException (NPE) occurs.
The issue occurs because the processing of parameters is attempted, when the Java EE specification states that they are not to be processed.
The root cause of the issue is under investigation, but until then a workaround is to set the session to be transacted, as per the following example. With this workaround, the NPE will not occur.
connection.createSession(true, Session.SESSION_TRANSACTED);See //bugzilla.redhat.com/show_bug.cgi?id=1033008
Security
BZ#1103684 - Unable to share Identity Security Domain across datasourcesThis release of JBoss EAP 6 carries a bug that presents the error javax.resource.ResourceException: No matching credentials in Subject! when multiple datasources are defined backed by the same security domain.
This issue is being investigated and is expected to be resolved in a future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1103684
BZ#1052644 - LdapExtLoginModule cannot find custom ldap socket factoryIn this release of JBoss EAP 6 the LdapExtLoginModule does not set the TCCL to the classloader of a (configurable) JBoss module. The JBoss module would contain a custom socket factory.
As a consequence the LdapExtLoginModule cannot use custom socket factories for creating connections to the ldap server. A ClassNotFoundException will be thrown when attempting to use a custom socket factory with the LdapExtLoginModule.
This issue will be resolved in a future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1052644
BZ#1145490 - FIPS 140-2 compliant mode doesn't work in JDK-8This release of JBoss EAP 6 carries the following JDK8 issue:
When using an RSA client key exchange in SSL/TLS protocols, the SunJSSE provider cannot work in FIPS 140 compliant mode. This issue does not impact the default mode of SunJSSE.
Domain Management
BZ#1015524 - RBAC: unable to deploy the same deployment which was already deployed by user from different server-group scopeWhen role-based access controls are enabled, management users with server-group scoped roles might have new deployments fail with the following message:
"JBAS014807: Management resource '[(\"deployment\" => \"example.war\")]' not found"This occurs because a deployment with the same name already exists in the domain. This is correct behaviour. However because the management user is scoped to a server group, they will be unable to see if such a deployment already exists in another server group. This makes it difficult to avoid this confusing error.
To workaround this limitation, Red Hat recommends that either non-scoped roles are assigned to the users responsible for adding deployments to a domain, or that a list of deployment names is maintained so that management users are aware of them.
See //bugzilla.redhat.com/show_bug.cgi?id=1015524
BZ#1021607 - RBAC: The two kinds of non-addressabilitySome resources are non-addressable to server-group and host scoped roles in order to provide a simplified view of the management model to improve usability. This is distinct from resources that are non-addressable to protect sensitive data.
For server-group scoped roles this means that resources in the profile, socket binding group, deployment, deployment override, server group, server config and server portions of the management model will not be visible if they are not related to the server-groups specified for the role.
For host-scoped roles this means that resources in the /host=* portion of the management model will not be visible if they are not related to the server groups specified for the role.
However in some cases this simplified view can hide information that while it is outside the scope of what the user is managing, it can provide guidance to the user as to a course of action. An example of this is BZ# 1015524.
In a future release, some of these non-addressable resources might be changed to be addressable but non-readable. This will not affect the security of the server because they were not non-addressable for security reasons. Red Hat recommends that you do not rely on the non-addressability of resources to hide information unless the non-addressability is defined in a sensitivity constraint.
See //bugzilla.redhat.com/show_bug.cgi?id=1021607
Clustering
BZ#917635 - Failed to load session: NullPointerExceptionA Known Issue in this release can cause a NullPointerException with a 'Failed to load session' message to be encountered after application deployment in some circumstances.
This issue is expected to be resolved in a later release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=917635
BZ#959951 - CacheException: java.lang.RuntimeException: Failure to marshal argument(s) at server shutdownOn shutdown of a server the following message may be logged:
CacheException: java.lang.RuntimeException: Failure to marshal argument(s) at server shutdownThis message occurs because Infinispan does not yet support clean shutdown and can be safely ignored. This issue is being investigated but no known workaround is available.
See //bugzilla.redhat.com/show_bug.cgi?id=959951
BZ#901162 - TimeoutException: Unable to acquire lockA Known Issue exists in this release of JBoss EAP 6 that produces a TimeoutException: Unable to acquire lock under some circumstances.
This issue is expected to be resolved in a later release.
See //bugzilla.redhat.com/show_bug.cgi?id=901162
BZ#900483 - Stale session data received when using DIST SYNC on jvm killDuring testing, some cases showed that stale session data was received when a node shut down and DIST SYNC or DIST ASYNC cache mode was used. This issue is still under investigation.
See //bugzilla.redhat.com/show_bug.cgi?id=900483
BZ#900946 - IllegalStateException: Cache is in 'TERMINATED'/'STOPPING' state.This release of JBoss EAP 6 carries a bug that may cause an IllegalStateException to appear after an application is undeployed on one node within 5 seconds of having been deployed on another node within the cluster.
This issue in under investigation and is expected to be resolved in a future release.
See //bugzilla.redhat.com/show_bug.cgi?id=900946
BZ#900378 - CDI beans with SET replication trigger are not replicatingDue to a bug in the Weld component, the setAttribute method is not called correctly. This causes CDI beans with the SET replication trigger to fail to be replicated.
The workaround is to use the SET_AND_NON_PRIMITIVE_GET trigger for these beans. This will be fixed in a future release.
See //bugzilla.redhat.com/show_bug.cgi?id=900378
BZ#922699 - IllegalStateException: AtomicMap stored under key X has been concurrently removed!An IllegalStateException can be thrown in rare cases when routine processing expiration and passivation accesses a session that is concurrently removed. This causes an exception to be thrown and logged.
The exception can be ignored. However, disabling session passivation will ensure the problem is avoided.
See //bugzilla.redhat.com/show_bug.cgi?id=922699
Transaction Manager
BZ#1039081 - Please remove "path" and "relative-to" attributes from CLI.Due to functionality not included in JBoss EAP 6, the path and relative-to attributes have no use in the transactions subsystem of the CLI. These attributes have been deprecated in this release of the product and will be removed entirely in a future release.
See //bugzilla.redhat.com/show_bug.cgi?id=1039081
JDR
BZ#917683 - Jdr utility generates wrong archive entry name running on WindowsA bug has been found in the JDR utility when used in Windows environments. It has been reported that the utility will append the last character of the originating $JBOSS_HOME directory to the JBOSS_HOME directory created inside the archive.
For example, for an originating JBOSS_HOME directory named 'jboss-eap-6.2' the JDR utility would produce an archive directory called 'JBOSS_HOME2'.
The cause of this bug is still being investigated and no workaround to prevent it exists.
See //bugzilla.redhat.com/show_bug.cgi?id=917683
XML Frameworks
BZ#1065128 - Performance issue with Xalan transformer and very large text nodesA bug has been found in this release of JBoss EAP 6 that causes performance issues when attempting to convert large text nodes using the Xalan Transformer. When using the Transfomer to convert a StreamSource to DOMResult, the performance of the Transformer decreases as the size of the character data increases. This is a Known Issue and will be corrected in a later release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1065128
CLI
BZ#1054874 - jboss-cli.sh cygwin supportThis release of JBoss EAP 6 contains a bug that may create problems using the product in a Cygwin environment.
Differences in the POSIX and Microsoft Windows pathing implementations may cause the path variables in the jboss-cli.sh shell script to not function as expected.
This issue is expected to be resolved in a future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1054874
Web Services
BZ#1079049 - Problem using @SchemaValidation in combination with wsrm 1.1If a client sends a WS-RM 1.1 message that references CreateSequence to an endpoint that utilizes WS-RM along with schema validation, the application throws the following error:
Unmarshalling Error: cvc-elt.1: Cannot find the declaration of element 'CreateSequence'.CreateSequence is not found in the fGrammerPool in org.apache.xerces.impl.xs.XMLSchemaLoader because CXF and JBossWS do not yet fully support WS-RM 1.1.
See //bugzilla.redhat.com/show_bug.cgi?id=1079049
BZ#1074368 - Schema element generated from exception class doesn't honor @XmlElement annotationA bug has been found in this release of JBoss EAP 6 wherein Schema generated from exception classes do not honor the @XmlElement annotation. This issue will be resolved in a future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1074368
mod_cluster
BZ#900047 - SystemMemoryUsageLoadMetric is not correct on Linux/UnixThe SystemMemoryUsageLoadMetric does not show useful information on Linux or UNIX operating systems. For these systems, HeapMemoryUsageLoadMetric provides more useful information. The solution to this problem will be to change the algorithm of SystemMemoryUsageLoadMetric to subtract the buffers/cache value from the used number.
The best method for doing this is under investigation.
See //bugzilla.redhat.com/show_bug.cgi?id=900047
BZ#1085427 - StickySessions don't work for ProxyPass from unenabled contextThis release of JBoss EAP 6 carries a bug that prevents StickySessions from working for ProxyPass from unenabled context. This issue is expected to be resolved in a future release.
See //bugzilla.redhat.com/show_bug.cgi?id=1085427
BZ#901170 - Apache with mod_cluster refuses to start (manager.node)Customers have reported that in Windows Server 2008 environments with User Account Control (UAC) enabled, files and directories required for mod_cluster are not created.
As a result, the Apache httpd process fails to start in JBoss EAP 6 installations that utilize mod_cluster. The following error is produced:
[Tue Nov 06 07:55:18 2012] [emerg] create_mem_node C:/tmp/jboss-ews-2.0/var/cache/mod_cluster/manager.node failed: Access is denied. Configuration FailedWhile disabling UAC prevents this issue from occurring, it has been concluded that this issue is caused by a Windows administration error.
If the correct path is set in MemManagerFile, the issue only presents when user/service permissions are misconfigured.
This scenario could most likely occur in Domain Controlled environments where the Domain Administrator must grant the proper Domain permissions so that UAC does not consider MemManagerFile as a threat.
No further action will be taken on this issue.
See //bugzilla.redhat.com/show_bug.cgi?id=901170
RESTEasy
BZ#899664 - RESTEasy: Boolean configuration parameters don't reject non-sense contentThis release of JBoss EAP 6 carries a bug that allows invalid Boolean configuration parameters to be set. This behavior is unintended as invalid parameters should be rejected and the application should not be deployed.
This issue is expected to be resolved in future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=899664
JCA
BZ#1184610 - Race condition registering resource adapters at startupThis release of JBoss EAP contains a race condition when registering resource adapters where multiple threads may attempt to create the resource adapters subsystem.
Where multiple resource adapters have been defined, two or more threads may try to create the resource adapters subsystem in memory (e.g. during server startup). Only one thread can successfully complete this task. Other threads will fail, leaving one or more resource adapters in an non-deployed state.
This issue is expected to be resolved in a future release of the product.
See //bugzilla.redhat.com/show_bug.cgi?id=1184610
Table 2. Other Known Issues
| BZ#1018705: MODCLUSTER000022: Failed to drain n remaining pending requests |
| BZ#1097211: JBossWS testsuite failures on Solaris11 and JDK7 with BC and unlimited cryptography |
| BZ#1110515: mod_cluster Connected count shows improper inflation |
| BZ#1125934: access-log does not log 404 for non-existent context when enable-welcome-root is set to false in EAP |
| BZ#1142804: PicketLink SAML based SSO using REDIRECT binding: redirect to SP is sent with non-zero content-length header without a content |
| BZ#1146238: Can't login to admin console with JAAS secured management interfaces with --admin-only |
| BZ#1147352: Overlay does not work for subunits in exploded deployments |
| BZ#1157766: VirtualHosts share pointer to mod_proxy configuration, results in: CreateBalancers behave the same with option 0 or 2 |
| BZ#1166881: SPFilter needs to updated to match functionality of SP valve |
| BZ#1168441: CovalentSNMP/2.3.0, mod_snmp Apache HTTP Server doesn't start with the sample file on Windows |
| BZ#1184956: Session draining difference between EAP 6.3 and EAP 6.4 |
| BZ#1185060: Infinispan JAAS cache implementation does not call logout on eviction/removal |
| BZ#1193459: error-info\n messages with CovalentSNMP/2.3.0, mod_snmp Apache HTTP Server |
| BZ#901164: Servlet @Inject-ing SFSB timeouts/receives stale data/sessions are lost after failover |
| BZ#1181036: Change in AdvertiseSecurityKey on the httpd side shouldn't be ignored by running workers |
| BZ#1168921: Kerberos authentication for Management CLI does not work with IBM JDK |
| BZ#1187092: Kerberos authentication for remoting EJB does not work with IBM JDK |