Class Loading

1054984 - Initialization of MBeans uses wrong TCCL

In previous versions of JBoss EAP, it was found that an application's TCCL (thread context class loader) was not appropriately set when initializing MBeans found in .sar files. This meant that resources in the deployment were not available to the MBean upon initialization. In this update to the product, the TCCL is now set appropriately surrounding the call to the MBean initialization and MBeans can now access deployment resources upon initialization.

1007181 - testConnection should account for deployment classloader

A bug was uncovered that could cause earlier versions of JBoss EAP to throw an exception when testing a datasource. The exception presented while using the LDAP protocol in the datasource connection-url tag. The product was failing to instantiate InitialContextFactory because the "org.jboss.as.connector" module was not able to access some of the JDK provided classes (such as com.sun.jndi.ldap.LdapCtxFactory). This resulted in a datasource connection test failure when the Datasource connection-url was using ldap:// protocol.

This issue was resolved by adding a dependency on sun.jdk to the org.jboss.as.connector module. This makes the required JDK classes accessible from the connector module and the datasource testing using CLI using "test-connection-in-pool" operation succeeds.

Clustering

1051591 - Clustered session memory leaking

A memory leak was found in earlier versions of JBoss EAP. Lock objects that were created to track session ownership per node were not removed from memory if the session timed out, resulting in the memory leak. This release of the product ensures the lock objects are removed when sessions time out, resolving the memory leak.

EE

1058959 - JBMETA-371: DefaultPropertyReplacer + PropertyResolver is broken for vault expressions

Property replacement failed when enabled via spec-descriptor-property-replacement because of a fault in the algorithm. It assumed that the contents of the expression string were contained between "${" and "}", also that it used a fixed format like the previous JBoss EAP system properties, for example, propertyname[: default value]). The PropertyResolver would proceed to resolve propertyname and that resolution attempt would fail. The algorithm has now been corrected and property replacement now occurs as expected.

EJB

1059914 - @Schedule EJB Timer not using timezone when calculating next timeout

In previous versions of JBoss EAP 6, a bug was encountered where, if the @Schedule EJB timer used a timezone that was different to that used by the server, any timer invocations after the initial invocation would not fire correctly. This release addresses this behavior and all timer invocations fire as expected when timezones differ between the server and the @Schedule.

1065519 - Remote ejb client code converts '$$' to '$' in passwords

It was found that password validation could fail under certain circumstances in earlier versions of JBoss EAP. The cause was found to be that the PropertiesBasedEJBClientConfiguration class treated the password as an expression. As a result, it would attempt to expand any passwords containing the string $$. This could result in the passwords differing between the client and the server and, hence, failing validation. A modification has been made to the PropertiesValueResolver so that it no longer attempts to expand password expressions by default. Users can return to earlier behavior by setting the jboss-ejb-client.expandPasswords to true to expand passwords.

JSF

1051652 - JAVASERVERFACES-3080: Issue when more than one f:viewParam is included in f:metadata.

Due to an upstream bug, including more than one f:viewParam inside f:metadata did not work in previous versions of JBoss EAP 6. An upgrade to the JSF component has resolved this issue and now more than one f:viewParam can now be included in f:metadata.

Logging

1032627 - /subsystem=logging/logger=any.category:assign-handler can not run under batch mode

An erroneous name attribute was added to the logging model in a previous version of JBoss EAP. This resulted in the operation trying to add the final handler name to the logger or async-handler multiple times. To correct this behavior, the name attribute is no longer added to the model and the operation correctly gets the handler name from the operation context. In this release of the product, adding handlers to a logger or async-handler in a composite operation works correctly.

1066607 - Using a log4j appender as a custom-handler should invoke the activateOptions if required

In previous versions of JBoss EAP, changing a property in a custom-handler that was a log4j appender did not invoke the OptionHandler.activateOptions() on the appender if the appender implemented OptionHandler. It required a restart of logging resources for the change to take effect. In this release, the activation method is now invoked if properties are changed on the log4j appender and a restart is no longer required for OptionHandler appenders.

Naming

1053426 - Remote Naming throws the same exception for different causes

In previous versions of JBoss EAP 6 the same exception was thrown in response to a number of connection errors that could arise when a Remote Naming client failed to connect to any host. This behavior was sub-optimal as it gave users no indication of the actual error encountered for any given server. The exception thrown in all cases was as follows.

javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://localhost:4447]

In this release the exceptions thrown align more closely to the actual cause of the failure.

If the host or port details are incorrect, the following CommunicationException will be thrown, indicating the connection timed-out:

javax.naming.CommunicationException: Failed to connect to
any server. Servers tried: [remote://localhost:4447 (Operation failed
with status WAITING after 5000 MILLISECONDS), remote://localhost2:4321
(Operation failed with status WAITING after 5000 MILLISECONDS)] [Root
exception is java.net.ConnectException: Operation failed with status
WAITING after 5000 MILLISECONDS]

If one of the available servers responds, but the subsequent authentication fails, the following AuthenticationException will be thrown:

					javax.naming.AuthenticationException: Failed to connect to any server. Servers tried: [remote://localhost:4447 (Authentication failed: all available authentication mechanisms failed), remote://localhost2:4321 (Operation failed with status WAITING after 5000 MILLISECONDS)] [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]

An appropriate message will be given for failures connecting to each server in the list.

Patching

1069190 - Patch conflict with JBoss EAP with natives installed

When attempting to apply the JBoss EAP 6.2.1 cumulative patch to an installation on which native components had been installed, the patch command failed with the error message:

Conflicts detected: org.hornetq:main, org.jboss.as.web:main
Use the --override or --preserve arguments in order to resolve the conflict.

However, installing the cumulative patch with the --override-modules argument disabled the native components. As a consequence, it is not possible to install the JBoss EAP 6.2.1 cumulative patch if native components are installed.

The JBoss EAP 6.2.2 cumulative patch is built differently and is compatible with native components.

Scripts and Commands

1056130 - add-user.sh syntax Cygwin fix

It was found that the add-user.sh script would fail when run in Cygwin environments. The cause was identified as a poorly formatted line of code in the script. The syntax has been corrected and the script now operates as expected in Cygwin environments.

Security

1067599 - LdapExtended login module does not handle a user that has a slash character in the UID

In previous versions of JBoss EAP 6, the username string returned by the JVM's LDAP code was wrapped in double quotes if it contained a slash (/) character. This broke any further LDAP lookups, including those for authentication and role lookup.

This meant that users with a slash character in their username were not able to successfully authenticate when using the LdapExtended login module. In this version of the product the double quotes are removed from the username returned from LDAP and users with slashes in the username are correctly authenticated.

1067612 - Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set

In previous versions of JBoss EAP 6, the DatabaseRolesMappingProvider could attempt to get information from an empty SQL set in certain circumstances.

When this occurred, an exception was thrown which caused the authentication request to fail.

In this release of the product, the DatabaseRolesMappingProvider has been modified to avoid using an empty SQL set. Authentication requests that result in the DatabaseRolesMappingProvider rolesQuery returning an empty set are now handled correctly and do not fail.

Web Services

1062691 - Schema validation + multiple schema imports in same namespace + catalog lookup doesn't work

A bug that caused the catalog lookup to fail has been resolved in this release of JBoss EAP.

In previous versions of the product, if schema validation was enabled, catalog validation returned only the first schema found when WSDL references multiple schemas. This could cause the catalog lookup to fail.

In this release of the product, catalog lookup now resolves on the filename before falling back to namespace-only resolution. As a result, catalog validation no longer fails.

Documentation

1058768 - OSGi subsystem does not honor patching mechanism

The OSGi helloworld quickstart does not deploy successfully in JBoss EAP 6.2.2. This is a known issue as the OSGi component has been deprecated in the product. This issue will not be resolved.

1043586 - Vault keystore conversion when upgrading from JBoss EAP 6.1.0 or earlier

If using a vault, when upgrading a JBoss EAP 6 instance from 6.1.0 or earlier, to 6.1.1 or later, the associated vault keystore is converted from JKS to JCEKS format. As a result, any applications or services which use the same keystore, such as SSL, will not work after the upgrade.

This issue is caused by a fix for a security issue that is resolved in JBoss EAP 6.1.1 and later. The security fix forces older keystores to be converted from JKS format with an RSA key to JCEKS format with an AES key, and this conversion process may not be successful when upgrading. To workaround this problem, customers can create a new vault and store the attributes there.

For more details on this issue and the workaround, see this Customer Portal Solution: https://access.redhat.com/support/cases/00998441/.

For further details on the original security issue, see the Red Hat security advisory for the JBoss EAP 6.1.1 release: https://access.redhat.com/support/cases/00998441/.