Chapter 4. Fixed Issues

Issues fixed for Enterprise Application Platform 5.1.1 are listed by component.

Build

JBPAPP-4621
The following unnecessary files were included in the installation of Enterprise Web Platform that only pertained to Enterprise Application Platform.
  • jboss-ewp-5.1/jboss-as-web/server/default/conf/props/messaging-users.properties
  • jboss-ewp-5.1/jboss-as-web/server/default/conf/props/messaging-roles.properties
These files have been removed from the installation procedure.
JBPAPP-4970
The version of Seam distributed with JBoss Enterprise Web Platform 5 included a superfluous dependency on the Hyper Structured Query Language Database (HSQLDB). This dependency has been removed.
JBPAPP-5155
JBoss Native Zips did not contain the sha256sum value within the zip archive. The values were included in a separate file, which had to be downloaded separately with the native zip archive. This caused problems with the release process, and maintaining an accurate sha256sum list. The sha256sum values are now included in the zip archive.

Clustering

JBPAPP-3549
When a multicast address (mcast_addr) was incorrectly configured, the warning that appeared in the log included an outdated URL. The URL has been updated.
JBPAPP-3795
Class org.jboss.system.server.profileservice.repository.clustered.local.file.AbstractFileWriteAction has a member variable tempFile, which is set to a newly created file in getTempFile(). This file is called from getOutputStream(), which is called from writeBytes(). However, writeBytes is only called if there is data in the file.
If the file is empty, tempFile is never set, and AbstractFileWriteAction.modifyTarget passes a null File parameter to FileUtil.localMove, where the NullPointerException happens.
AbstractFileWriteAction.modifyTarget now calls getTempFile(), which creates the file if needed, instead of using tempFile directly.
JBPAPP-4947
The encrypt class of JGroups had bugs related to threading in the Cipher routine. These have been addressed.
JBPAPP-5171
A software error resulted in a situation where neither the process of serving the login page nor handling the POST to j_security_check resulted in a call into ClusteredSessionValve, which is the part of the request pipeline that triggers replication of the session by storing it in the database. FormAuthenticator directly dispatched to the login page, and handled j_security_check itself.
As a result, the session that was created before serving the login page was not persisted. When the authentication was complete and the request for the original URL came in, the session manager checked with the distributed store to see whether the local session copy was out of date. With DataSourcePersistentManager, that check was made to class VersionBasedOutdatedSessionChecker. VersionBasedOutdatedSessionChecker returned true because it could not find the session in the database. Because of the true return value, the session manager could not use the local session. It attempted to read it from the persistent store. It did not exist in the persistent store either, so a new session was created.
To address this issue, VersionBasedOutdatedSessionChecker now checks the session's getLastReplicated method if it cannot find a persisted session. If the value is 0, the session is new, and has never been persisted, so it cannot be outdated. In that case it returns false.
JBPAPP-5406
An incorrect subsystem was set during remoting client creation, due to the order of superclass constructor operations. This created NullPointerExceptions and ClassCastExceptions. Constructors have been altered to initialize the client after the correct subsystem is set.
JBPAPP-5843
A timer that is shared across all channels in a group did not stop when one of the channels was closed. If OOB messages were passed around at the time a channel left a group, messages were added to the Retransmitter after the channel closed. This happened because messages which were added to the Retransmitter continued to be requested after Retransmitter.reset() completed. This issue is resolved by fixing the condition that caused retransmission requests when a message from a node is processed at the same time the node leaves the cluster.
JBPAPP-5844
In Microsoft Windows, when the network interface was disrupted, such as by removing the network cable and reinserting it, JGroups received an exception of type NoRouteToHostException every time it attempted to send a message. This continued until the server was restarted. This problem is solved by new behavior in JGroups, which re-binds the socket to the interface, allowing JGroups to send messages again.
JBPAPP-5851
The asym_provider and sym_provider security provider options of the ENCRYPT algorithm previously were only used by the KeyGenerator lookup. These options are now implemented in the Cipher lookup as well.
JBPAPP-5855
The JGroups FD_SOCK protocol is a failure detection protocol based on sockets. The client side of the FD_SOCK TCP connection was not binding to a specific IP address. If you tried to open a firewall connection specific to each individual application, there was unnecessary cross-talk between applications. client_bind_port, port_range, and bind_addr were added to FD_SOCK, which allows you to bind the outgoing connections to a specific IP address and/or port range.
JBPAPP-5900
A race condition in the JGroups FLUSH protocol caused messages to be processed in the wrong order when the master node left the cluster, so the master node left before sending a new view (with a new master). Therefore, the other nodes did not detect the master's absence, or elect a new master, until the master's absence was detected by the failure detection protocol. The message ordering has been corrected, and the race condition no longer occurs.
JBPAPP-5912
When a JBoss Cache instance configured for asynchronous serialization was shunned from the cluster, all future replications would fail until the cache was restarted. The cause was a naming conflict between a method and its parent class. This has been fixed by renaming method CommandAwareRpcDispatcher.stop() to stopDispatcher().
JBPAPP-6011
The JGroups configuration in the binding manager now implements the system properties added to the JGroups configurations in Enterprise Application Platform 5.1. In addition, hard-coded ports have been removed, and the default multicast addresses are set to the same values used in version 5.0 of the platform.

Consoles

JBPAPP-3928
If a user waits too long to log in after going to the Admin Console login page, the session times out. Previously, this caused an exception. A user-friendly timeout message is now displayed.
JBPAPP-4791
If a topic or queue was created with the same name as an existing topic or queue, the new one overwrote the old one. This has been resolved by causing an attempt to create a topic or queue with a duplicate name to fail, generating an error.
JBPAPP-4886
The ApplicationServerDiscoveryComponent class does not use JBoss variables because the paths are hard-coded to the jar files. If JBoss library locations and the JBoss variables for the libraries (jboss.lib.url, jboss.common.lib.url and jboss.server.lib.url) were changed, the JBoss Admin Console failed to open. This issue is resolved by adding BootstrapAction.createPluginContainerConfiguration() to the Admin Console.

Documentation

JBPAPP-4387
Seam Reference User Guide source code blocks did not have syntax highlighting, which made the source code difficult to read. The affected code has been updated with the correct highlighting.
JBPAPP-4616
The Microcontainer User Guide contained references to some outdated Maven artifacts. Please review the document shipped with the current release for updated information.
JBPAPP-4958
In the Hibernate Core User Guide, a reference was made to an incorrect POM file. This reference has been updated in the documentation for the current release.
JBPAPP-5223
The configuration information in the JMS Clustering Notes section of the guide was inaccurate. The guide has been corrected with an updated configuration example, which fixes the issue.
JBPAPP-5584
A change to the default value of the max_prepared_transactions datasource property in PostgreSQL versions 8.2 and 8.4 resulted in XA Transactions being denied. An Important admonition was added to Appendix A.7 PostgreSQL of the Administration and Configuration Guide for the XA Datasource example, to highlight the requirement.
JBPAPP-5907
The Security Guide released with earlier versions of the Enterprise Application Platform missed the instructions for encrypting the datasource password. The documentation now includes the step. The instructions to configure the server.password file by running the following command:
java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.FilePassword \
          SALT COUNT MASTER_PASSWORD PASSWORD_FILE
JBPAPP-6199
The HTTP Connectors Guide is a new user guide for JBoss Enterprise Web Platform 5.1.1. This guide supersedes and improves upon the mod_cluster User Guide and the HTTP Services section of the Administration and Configuration Guide. It also contains information about the ISAPI and NSAPI connectors.

EJB

JBPAPP-3392
EJB3 clients did not use existing socket connections on subsequent invocations. Instead, they created a new connection for each invocation, which was destroyed when the connection was complete. A delay has been added so that connections remain open for use in subsequent invocations.
JBPAPP-5167
In two cases, the UnifiedClassLoader was used instead of an isolated EAR's classloader. The first case occurred when a EJB2 Entity Bean was packaged inside of an isolated EAR and an EJB client was packaged in the same isolated EAR. When the EJB Entity Bean was passivated, a ClassNotFound exception was thrown. This was caused by the usage of UnifiedClassLoader instead of the EAR's isolated classloader. The second case occurred when a deployed EJB2 Entity Bean had a local interface of the same name as an interface in the UnifiedClassLoader, resulting in a ClassCastException. The correct classloader is now used in both cases, and the errors no longer occur.
JBPAPP-5476
A bug in org.jboss.ejb.plugins.SecurityInterceptor caused problems with setting the runas-identity context method invocation on stateless session EJBs that were not originally runas-deployed. Invocations used the identity of any authenticated context sent to the EJB, which resulted in invocations being executed as if the EJB was runas-deployed. The only way to stop this behavior was to restart the server. SecurityInterceptor now looks at the run-as role of the original EJB, and ensures that runAsRole is available to any calls made by the EJB for declarative security checks.
JBPAPP-5618
When an EJB Timer service was configured to use the GeneralPurposeDatabasePersistencePlugin, and the CachedConnectionManager was set to debug, the following warning was recorded in the server log:
WARN [org.jboss.resource.adapter.jdbc.WrappedConnection] Closing a result set you left open! Please close it yourself.
This occurred because the GeneralPurposeDatabasePersistencePlugin did not close an internally-used ResultSet. The CachedConnectionManager closed the ResultSet and correctly informed the user of the error. The GeneralPurposeDatabasePersistencePlugin has been modified to close the ResultSet, so the warning no longer appears.
JBPAPP-6102
If you use JDK 6 update 19 or newer, and your application sends or receives java.io.File objects, a serialization exception may occur. This exception can also happen if you are using clustering with a stateful session containing a java.io.File object.
To prevent this exception, a new property has been added. Set the system property -Dorg.jboss.serial.SYNC_SERIALIZATION_BINARY_FORMATS=true, for all JBoss instances that communicate with each other.

Hibernate

JBPAPP-4175
When Hibernate executed a cachable query using a ResultTransformer, it attempted to cache the results after applying the ResultTransformer. However, the data might be modified so that Hibernate could not read it. In this case, a ClassCastException would occur when attempting to cache the results.
This issue is fixed by introducing three new classes to the API:
  • org.hibernate.transform.AliasedTupleSubsetResultTransformer
  • org.hibernate.transform.CacheableResultTransformer
  • org.hibernate.transform.TupleSubsetResultTransformer
Review the Javadoc for Hibernate for more details.
JBPAPP-4738
Dialect org.hibernate.dialect.SQLServer2008Dialect has been added to Hibernate, to address changes to the Microsoft SQL dialect introduced in Microsoft SQL Server version 2008.
JBPAPP-4895
When a refresh() method was invoked immediately prior to an insert(), and second-level caching was enabled, the entity was inserted into the second-level cache. If the refresh() committed successfully, however, the cached data was not automatically evicted. This occurred because refresh() did not track entity state. refresh() now tracks entity state, and evicts the cached data on a successful commit.
JBPAPP-4904
JBoss Marshalling failed to serialize a session, due to a flaw in the serialization logic of org.hibernate.impl.SessionImpl. This class now adheres to the Java Serialization specification listed at http://java.sun.com/javase/6/docs/platform/serialization/spec/output.html#86, and serialization works properly and as expected.
JBPAPP-4905
org.hibernate.type.EnumType used a static map to cache the enum values, because getting the value of the enum by reflecting is expensive. However, this implementation had the potential to cause memory leaks in come circumstances, especially when using Hibernate in the application server. This is because the cached objects would never be garbage-collected, so the Map acting as cache kept growing infinitely.
Instead of using a global enum cache, Hibernate now uses a transient array for each EnumType instance to cache the enum values. This improves performance and eliminates the memory leak.
JBPAPP-4926
The cascade-save operation was incorrectly handling auto-incremented Primary Key (PK) tables that linked to parent tables with an assigned PK. The fix now allows the cascade-save operation to handle the parent-child relationship between tables.
JBPAPP-5394
An issue with QueryPlanCache was discovered that caused a memory leak due to soft references held by the unbound SoftLimitMRUCache. The SoftLimitMRUCache eventually filled up until a major stop-the-world garbage collection was necessary to clean the SoftLimitMRUCache soft references.
The solution involves constraining the amount of soft and strong unbound references held in the cache. Entries are evicted using an LRU policy, or by memory pressure from the GC in the case of soft references.
Two configuration options are now available, which solve the issue:
  • hibernate.query.plan_cache_max_strong_references which defaults to 128
  • hibernate.query.plan_cache_max_soft_references which defaults to 2048
Users that want to emulate previous behavior, can set hibernate.query.plan_cache_max_soft_references to Integer.MAX_VALUE
JBPAPP-5405
According to the JPA persistence specification, the AS keyword is optional for collection declarations, such as the following:
collection_member_declaration ::= IN (collection_valued_path_expression)
[AS] identification_variable
A HQL/JPQA such as the one below syntax caused a parser exception:
SELECT o FROM EntityBean AS o, IN (o.items) AS l WHERE l.itemValue = '1'
This occurred because Hibernate did not implement the AS keyword. Hibernate now follows the specification in this area, and allows the optional keyword.
JBPAPP-5409
Hibernate's ByteCodeHelper.readByteCode() was previously limited to 409600 bytes, but can now handle an entity class of any size.
JBPAPP-5478
ChainedPropertyAccessor was used by AliasToBeanResultTransformer. ChainedPropertyAccessor was not serializable. Therefore, any cachable queries using AliasToBeanResultTransformer broke during cache replication. For example, this query could not be replicated or cached to disk:
session.createQuery("select foo").setResultTransformer(new AliasToBeanResultTransformer(SimpleCount.class)).setCacheable(true).list();
The behavior of AliasToBeanResultTransformer has been changed. When the AliasToBeanResultTransformer is created/deserialized, it recreates the ChainedPropertyAccessor instance according to the cached resultClass. Cacheable queries using AliasToBeanResultTransformer continue to work during cache replication.
JBPAPP-5479
AliasToBeanResultTransformer.hashCode relied on propertyAccessor.hashCode(). Implementations of PropertyAccessor do not override hashCode() or equals(). Therefore, Cache lookups involving a QueryKey with an AliasToBeanResultTransformer resulted in a cache miss.
Two AliasToBeanResultTransformer objects should only be equal and use the same hash code if their resultClass is equal. Getters are determined by aliases, which are provided as an argument, so they are not needed to determine equality. Setters should be used to compute equals() and hashCode(). However, due to the implementations of Setter, Setters do not override hashCode() or equals().
The fix is to cache the aliases corresponding to the Setters and use that to check for equality. Cache lookups involving a QueryKey with an AliasToBeanResultTransformer no longer result in a cache miss.
JBPAPP-5481
When Hibernate executed a cachable query using a ResultTransformer, it attempted to cache the results. However, the data had the potential to be modified so that Hibernate could not read it.
PropertyAccessException was thrown when all of the following are true:
  • The query has a ResultTransformer
  • Results are cached before being transformed
  • Each result has a single value
This issue is fixed by introducing three new API calls:
  • org.hibernate.transform.AliasedTupleSubsetResultTransformer
  • org.hibernate.transform.CacheableResultTransformer
  • org.hibernate.transform.TupleSubsetResultTransformer
Refer to the Hibernate Javadoc for more details.
JBPAPP-5581
Hibernate Core EntityMetamodel entityNameByInheritenceClassNameMap field was used inconsistently. It used a class for puts to the map, but a method for gets from it. An exception was thrown when saving instances of subclasses with specific entity names. The EntityModel class has been updated to use class InheritenceClass instead of its getName() method. Saving instances of subclasses no longer causes an exception in these cases.
JBPAPP-5763
When org.hibernate.id.enhanced.OptimizerFactory.PooledOptimizer was used in multiple JVMs with the same database, there was a risk of duplicate sequenced values being generated. This occurred because a method was invoked twice to initialize two different values (value and hiValue). If another JVM requested a sequence value between these invocations, the sequence related to the second invocation. This issue has been corrected by limiting the double-read to optimizer initialization, when the first read gives Hibernate the initialValue.
JBPAPP-5765
If an entity defined a collection with a property-ref-based key as cachable, there was a problem loading the collection and putting it into its second level cache region. Hibernate used the incorrect key for the owning entity. It attempted to use the referenced property value instead of the corresponding ID value.
Hibernate now checks whether the collection key is defined by a property-ref. If so, the key of the owner instance associated with the collection itself is used, if it exists. Hibernate resolves the owner of the collection against the owner of the Persistence Context.
JBPAPP-5814
Synchronizing access to Map caused performance degradation. Synchronization of Map is now managed by ReentrantReadWriteLock and ConcurrentHashMap, which improves performance.
JBPAPP-5817
Many well-formatted and indented Strings were built up for each element of a parsed HQL string, for each tree node. The purpose was to feed invocations of log.trace(). The information was added to the log regardless of the log level. This caused extra output and larger log files. Hibernate now checks the log level, and only includes the formatted output when the log level is TRACE.
JBPAPP-5898
A customer reported an issue with the ScrollableResults JoinFetch, where ScrollableResults set child collection correctly at the first parent object, but after the second parent object only the first element of a child collection was included.
The ScrollableResults logic has been improved to read sequentially. When a new parent is encountered, ScrollableResults assumes it has finished processing all rows for the previous parent.

Important

This fix relies on results being ordered consistently. Because some databases do not return sorted data (such as H2) you should explicitly apply "order by" for ScrollableResults result ordering.

IOPP

JBPAPP-3134
jboss-log4j.xml has been updated to include the jacorb.config log level. The priority has been set to ERROR to avoid printing unnecessary messages to the console during server startup.

Installer

JBPAPP-2724
In the graphical installer, the directory selection dialog used the language specified in the environment where the installer was run, rather than the language requested by the user at the beginning of the installation. The installer has been updated so that the directory selection screen uses the language selected by the user at the beginning of the installation process.
JBPAPP-4262
During installation of the Enterprise Application Platform on Solaris, the user was prompted for the root password. This was caused by permission issues when the installer tried to create some optional shortcuts (symbolic links). This issue has been fixed by removing the ability for Solaris platforms to create shortcuts through the installer. You can still create the symbolic links manually if needed.
JBPAPP-5049
Previously, scripts for all operating systems were included when JBoss Enterprise Web Platform was installed, rather than being restricted to operating system being installed onto. The installer has been updated so that only appropriate scripts are included in the bin/ directory of the platform. Shell scripts are installed for Linux and UNIX systems, and batch scripts are included for Microsoft environments.
JBPAPP-5087
The Red Hat documentation page has moved from http://www.redhat.com/docs to http://docs.redhat.com/. The link has been updated in all documentation.
JBPAPP-5110
The graphical installer allows you to specify a custom JAAS security domain for securing consoles and invokers. However, in the past, the Tomcat console was always secured with the JAAS security domain jmx-console, even if it does not exist.
This issue is fixed, and the Tomcat console is secured with the security domain you specify during installation.
JBPAPP-5116
When a custom JAAS security domain was created during the graphical installation process, the custom JAAS security domain continued to use jmx-console-users.properties and jmx-console-roles.properties. This incorrect behavior has been changed, so that the custom JAAS security domain called NAME uses NAME-users.properties and NAME-roles.properties files instead.
JBPAPP-5129
Seam examples were not correctly deployed using ant explode due to faulty path delimiters in the build.properties file. This caused Seam example deployment to fail. The build.properties file now uses the correct path delimiters.
JBPAPP-5132
In Microsoft Windows installations of the Seam examples, the Deploy Hotel Booking Seam Demo shortcut in the Start Menu pointed to a directory one level above the JBoss Enterprise Web Platform installation. This caused an error of type NoClassDefFoundError to appear in the log, and the example not to deploy. The path has been corrected, and the example now deploys from the shortcut.
JBPAPP-5435
The security configuration screen of the graphical installer contained incorrect links to the documentation portal and user documentation. All links have been corrected.

JCA

JBPAPP-4964
Due to a regression introduced by the fix in JBAS-5929, the JCA pool sometimes shut down without looking for checked-out connections. This issue has been fixed, and the JCA pool looks for checked-out connections before shutting down.
JBPAPP-5119
XAManagedConnectionFactory class did not allow for the is methodName form for getting and setting properties. This caused problems for XA DataSources when the property was a boolean type. XAManagedConnectionFactory now allows for the is format and handles boolean types without errors.
JBPAPP-5374
Passing a negative timeout value to method Thread.sleep in class NewMsgsWorker#run() caused the Mail message-driven bean to stop checking for new messages. This has been fixed by not allowing a negative timeout value.
JBPAPP-5596
The JCA code did not properly handle multi-threaded access, due to several potential causes of deadlocks involving JDBC operations and the JBossTS transaction reaper thread. The JCA code has been updated to resolve these problems, and multi-threaded access should work properly in the JCA.

JMX

JBPAPP-5690
JMXOpsAccessControlFilter The class did not retain the role mappings for a user if the roles were set with the DeploymentRolesMappingProvider. The filter class has been corrected, and the mappings are now retained as expected.

Metadata

JBPAPP-4041
The ServiceMetaDataParser.parseValueFactoryParameter() method only considered the first child of the <parameter> element. If the <null/> element was surrounded by carriage returns, the node was treated as a text value and the parameter was not correctly substituted elsewhere. The following example failed, but now works properly.
<parameter>
   <null/>
</parameter>

mod_cluster

JBPAPP-3463
Because of problems with the pause() method of the connector, a race condition could occur when applications were undeployed. Sessions that were forwarded to the application server by mod_cluster before receiving an undeploy notification could result in an error 503 - This application is not currently available. The method has been updated, addressing these issues.
JBPAPP-5048
The status page of the mod_cluster manager was not updated upon failover, so worker nodes were listed as active and available after they had failed. The status page now updates when nodes fail.
JBPAPP-5237
A server configured for failover with an application deployed in a subdirectory such as /webapp, and another application deployed in /, occasionally caused an error. This was because the failed-over application tried to deploy in / instead of /webapp. This situation has been fixed, and failover now occurs as expected.
JBPAPP-5283
The maximum length for cluster aliases has been raised from 40 to 64, to accommodate longer aliases.
JBPAPP-5315
Clustered nodes were only retired after the worker retry timeout (set to 60 seconds). This resulted in error messages suggesting that a node was in error for 60 seconds when it was likely the node had retired correctly during this period. Nodes are now retired when the node receives a STATUS message, broadcast by the nodes approximately every 10 seconds.
JBPAPP-5511
mod_rewrite could not rewrite from the root (/) in httpd if there was no ROOT context deployed in JBoss Enterprise Web Platform. This occurred because mod_cluster attempted to use the original URI instead of the URI provided by mod_rewrite. The rewrite rule now works regardless of whether the ROOT context is deployed to the platform.

Other

JBPAPP-3083
When AopC was in use, report generation failed with an exception of type ArrayIndexOutOfBoundsException. This has been resolved so that a report is now generated as expected, and no exception is thrown.
JBPAPP-3308
In isolated deployments, a ClassNotFoundException was thrown when the application server tried to deserialize an info object associated with the Timer. This occurred because the wrong classloader (threadContextClassLoader) was used to deserialize the object. This bug has been fixed and the correct classloader is now used.
JBPAPP-5148
Deployment file names were not previously checked for legal paths. Poorly-constructed file names could cause unexpected file deletions or alterations. The deployment files are now checked for legal paths, and an exception is thrown if an illegal path is used.
JBPAPP-5232
Due to a casting problem where a long was cast to an int, using org.jboss.varia.scheduler.ScheduleManager with a short period, such as 1 ms, could cause negative repeat values. This has been remedied by using a long instead of an int.

Profile Service

JBPAPP-2698
A bug in the Profile service caused the status of deployments to be reported incorrectly if they are started and stopped very quickly. This bug is still present. However, modifications have been made to the console to work around this by updating the status after a short delay, or after the page is refreshed. In normal usage, the status is shown as expected.

Remoting

JBPAPP-5748
Sending multiple requests from a WS client and using fastinfoset caused an increase of sockets in a CLOSE_WAIT state and incorrect shutdown. This issue was fixed by introducing the org.jboss.ws.client.remoting.disconnect.after.use JVM property, which causes the client remote to disconnect immediately. This property is enabled by default. If you disable it, HttpURLConnections remain open.

RESTEasy

JBPAPP-2993
The spring-hibernate-contacts example failed with the error:
java.lang.IllegalArgumentException: object is not an instance of declaring class
This occurred because the getContactById(@PathParam("id") Long id) method in the ContactServiceImpl class was missing the @GET annotation. This error has been corrected, and the example code now works as expected.

Scripts and commands

JBPAPP-5403
When starting the server using service.bat, no options were inherited from run.conf.bat. This occurred because service.bat set JAVA_OPTS to a placeholder value, which was not overridden by values set in run.conf.bat due to a faulty check. This issue has been fixed, and options set in run.conf.bat are now used when starting the server with service.bat.

Seam

JBPAPP-3520
The JpdlParser in JBPM included some hard-coded file names of XSDs, which referred to Internet locations and ignored XSDs in the classpath. This caused failures when those Internet locations were unavailable. The hard-coded paths have been removed and the classpath is now searched for the XSDs.
JBPAPP-4231
A NullPointerException occurred when undeploying or uninstalling Seam examples. It did not cause any application to fail, but the error was incorrect. The issue occurred in the nestedbooking, dvdstore, itext, and excel examples, but not in the ui example. The cause was a bug in the EJB3 deployer, and an upgrade to that component resolved the issue. The NullPointerException no longer occurs in the examples listed above.
JBPAPP-4508
When uploading files with <s:fileUpload> inside <h:dataTable>, errors occurred which led to identical filenames and incorrect content. This occurred because the local value was not returned by the getLocalValue() method. This problem has been fixed by correcting the method, and the problems with the filenames and content no longer occur.
JBPAPP-4582
The IBM JVM v1.6 was not handling annotations that were UNKNOWN during runtime. This caused problems with the Chatroom example. The underlying issue is resolved on IBM JVM version 1.6.0 (SR9 FP1).

Note

To make the chatroom example work with IBM JVM versions prior to 1.6.0 (SR9 FP1), copy http://repository.jboss.org/maven2/net/jcip/jcip-annotations/1.0/jcip-annotations-1.0.jar into JBOSS_HOME/server/PROFILE/lib.
Restart the server after adding the specified file.
JBPAPP-5013
The Seampay example had an issue with the duration between the first payment and the second payment in the example. Users with a combination of fast hardware, Java 6 runtime, and Windows Server 2003 found the set delay between payments to be too short. The example has been fixed to extend the duration between payments, which fixes the issue.
JBPAPP-5015
The jta.jar was being included as a third-party dependency of Eclipse by the seam-gen process. The jboss-transaction-api.jar was included in the seam-gen process, but the two files caused a .classpath conflict. All Hibernate dependencies have been updated to exclude the jta.jar file, which fixes the dependency issue.
JBPAPP-5056
The SeamBay example shipped as part of the Enterprise Platform contained an incompatibility with Internet Explorer 8. This has been resolved, and the example once again works with Internet Explorer 8.
JBPAPP-5078
There were two identical ant.jar libraries in the Seam distribution within the Enterprise Platform:
  • /seam/lib/ant.jar
  • /seam/lib/gen/ant.jar
This issue has been fixed by removing the ant.jar from seam/lib/.
JBPAPP-5410
An asynchronous invocation of JBPM which required transactional capabilities could cause the asynchronous action not to execute, if a transaction was not started. An exception was thrown and processing did not continue. This is fixed by checking whether transactions are required, and starting a new one if it is not already active, before initiating the asynchronous JBPM processing.
JBPAPP-5469
During transactions where application exceptions were thrown, the transaction was neither committed nor rolled back. Instead it remained in memory. Transactions now roll back properly when exceptions are thrown, and are cleared from memory.
JBPAPP-5496
The configuration for persistence service in jbpm.cfg.xml has been updated in the Todo and DvdStore examples, to use the following value: <service name="persistence" factory="org.jbpm.persistence.jta.JtaDbPersistenceServiceFactory" />
JBPAPP-5517
If any exception occurred while a Seam EL expression was being evaluated during the jbpm-jpdl process definition, JBPM's transaction handling sometimes committed transactions that should have been rolled back. Rollback only occurred on the Seam side, because Seam tried to close the JBPM Context while the JBPM process was committing. Seam now closes the JBPM context immediately after rolling back the transaction, and the dirty commits no longer occur.
JBPAPP-5590
Invoking EntityQuery.resultCount() resulted in a query such as select count( entity ).... However, if the persistence provider is Hibernate and the Entity has a composite key, the exception [ERROR JDBCExceptionReporter] Operand should contain 1 column(s) is triggered, because Hibernate does not support composite keys in count queries.
This constraint prevented you from using seam-gen and JBoss Developer Studio to generate CRUDs if you had Entities with composite keys and you use Hibernate. Hibernate extensively uses EntityQuery.resultCount() in the generated code, and this class triggered the exception.
Seam has been updated, so that if the persistence provider is Hibernate, Seam builds the query using the notation select count( * ) instead of select count ( entity ). This method works, even with composite keys. With this fix in place, EntityQuery.resultCount() works for all entities and all persistence providers, as do generated CRUDs.
JBPAPP-5823
Seam-RESTEasy integration module allowed anemic session requests to remain open when an exception occurred during the JAX-RS request invocation. Accessing previously authenticated sessions was possible even if incorrect credentials were passed in a request. The code responsible for invalidating the session is now contained in a Java finally block. This fix prevents anemic session requests from remaining open.
JBPAPP-6283
s:link was not working if pages containing the s:link were not previously rendered on the JBoss Enterprise Platform instance. This caused an IllegalStateException: Unable to read <page>, because the method binding for the Seam UI page actions were not added to the SafeActions on other servers. viewId now includes the path to the web context root in each searching path, which allows pages to remain active when workload is moved between nodes.
JBPAPP-6362
In seam-gen, Entity fields that were annotated by @Version were set as an Integer data type. The Update operation was not compatible with the Integer data type, and terminated with a NullPointerException. The @Version data type has been changed from Integer to int. Entity Update operations now complete successfully.
JBPAPP-6387
It was found that JBoss Seam did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code through a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

Note

A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. CVE-2011-1484)
JBPAPP-6770
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

Note

A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-2196)

Security

JBPAPP-2598
Applying the workaround for JBAS-7049 causes servers using OpenJDK 6 and running the security manager to fail to start the Enterprise Application Platform. This was due to upstream issues in OpenJDK. These issues have been addressed in the OpenJDK software, which is a third-party product. Therefore, the Enterprise Application Platform now starts as expected on affected systems with upgraded OpenJDK.
JBPAPP-5459
Due to an error in the order of services starting up, JNDIContextEstablishment could potentially start later than expected, causing NamingExceptions because the context java:/jaas was not bound in JNDI. This binding is now handled in JaasSecurityManagerService, which starts before any service in the deploy/ directory.
JBPAPP-5691
unauthenticatedIdentity The option did not work with the LdapExtLoginModule class, even when the method invoked did not require a specific role. The security libraries have been updated to fix this issue.
JBPAPP-5729
The org.jboss.security.plugins.FilePassword file previously required write permission even for decoding the password. The file could not be changed to read-only for regular users because it was inaccessible. This issue has been fixed by changing the file permissions from to read-only.
JBPAPP-5940
LdapExtLoginModule queried LDAP for the roleNameAttributeID instead of checking the returned distinguished name. This was slow. To improve performance, a parseRoleNameFromDN option has been added to the module.

System

JBPAPP-5608
The QueuedPessimisticEJBLock in JBoss Transactions did not always detect that a waiting transaction had timed out, so the lock would remain active when it should have been released. This eventually resulted in a threadpool-wide lock, with all transactions waiting for the lock to release, or the locked transaction to be registered as timed out. The isTxExpired() method has been modified to ensure that timeouts are registered, so that transactions are informed of locks.

Transactions

JBPAPP-5175
The JBossTS TransactionReaper contained a bug which caused it to execute continuously when it was running in dynamic mode, rather than pausing between runs. This caused performance degradation. To fix this issue, JBossTS was updated. As a result, the Reaper now pauses between runs, leading to better performance.

Varia

JBPAPP-5566
A bug in class org.jboss.mail.SessionObjectFactory caused only one mail service to ever be resolved, even if more than one service was configured and present in the JNDI tree. The class now resolves more than one mail service if one is configured.

Web

JBPAPP-4960
sendNotification was present in org.jboss.web.tomcat.service.deployers.TomcatServices.java, but was disabled, so the jboss.tomcat.connectors.started notification was missing. The Barrier Controller depended on that notification and was unavailable to manage subscriptions. This problem has been fixed by reinstating sendNotification.
JBPAPP-5168
Customers migrating from Oracle WebLogic need the ability to rewrite URLs in a different context from the webapp. This feature is now implemented. To override the context, set -Dorg.apache.catalina.connector.Response.REWRITE_CONTEXT_CHECK=false.
JBPAPP-5293
The HTTPS connector used addHandshakeCompletedListener() to verify a SSL handshake was successfully negotiated between the connector and listener. addHandshakeCompletedListener() added the listener after the notification thread started running, which required SSL handshake renegotiation. setEnabledCipherSuites(new String[0]) is now used to verify SSL Handshake negotiations, which fixes the issue. This issue was introduced by a fix for CVE-2009-3555.
JBPAPP-5813
When using the org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false property, cookies containing characters \, (, ), :, <, =, >, ?, @, [, \\, ], {, }, (, : were truncated to the first occurrence of one of the listed characters. Changes have been made to the way these characters are handled in the code which prevents cookies containing these characters being incorrectly truncated.

Web Services

JBPAPP-4346
Fault signing and encryption have been added to JBoss WS. These features can be enabled by specifying includeFaults="true" on a sign or encrypt element. For the client, specify includeFaults="true" in the encryption and signature elements that are within a <requires> tag to enforce signed/encrypted faults.
JBPAPP-4506
When services were deployed to JBoss Web Services Native, any XML Schema Declaration (XSD) imports with relative URLs were rewritten as absolute URLs relative to the WSDL service contract. This worked fine, unless an imported XSD imported a second XSD using a relative path. In this case, the path of the second XSD was incorrectly rewritten to be relative to the first XSD instead of the WSDL service contract. This problem has been resolved, and the paths are now rewritten relative to the WSDL service contract.
JBPAPP-4564
You can now disable chunked encoding using the SAAJ API, by calling soapMessage.getMimeHeaders().addHeader("Transfer-Encoding", "disabled");.
JBPAPP-4920
Generating WSDL for JAX-WS resulted in an incorrect namespace prefix for the message part in the WSDL. The wrong namespace prefix was referenced if the exception was mapped to a different namespace that used the @WebFault annotation. This issue has been fixed by correcting how WSDL is generated, and the correct namespace prefixes are now used.
JBPAPP-5450
Due to an error in the SAAJ implementation in the JBossWS libraries, SOAP nodes previously had the same prefix as the <Envelope> node. This has been corrected, so that SOAP nodes now have their own prefix.
JBPAPP-5494
DescriptorDeploymentAspect loaded the /cxf.xml in the classpath and put it in the deployment attachment as the CXF endpoint deployment descriptor. This prevented the META-INF/jbossws-cxf.xml or WEB-INF/jbossws-cxf.xml from being loaded. These are intended to co-exist with /cxf.xml, which creates the CXF bus. The code has been updated so that these files are now loaded properly.
JBPAPP-5545
Appending an Element to a SOAPBody resulted in a java.lang.IllegalArgumentException. The code has been updated so that adding an Element now results in the Element being converted to a SOAPElement, and no exception is thrown.
JBPAPP-5577
The logging level for MessageContextJAXWS was too high when the conversion of a WSDL URL to a URI failed. This caused excessive log messages. The logging level for these messages has been lowered to reflect the true severity.
JBPAPP-5710
When a request with an application/fastinfoset content-type header was sent to the FastInfoset web service, the response was returned with an incorrect header of application/soap+xml or text/xml. This issue has been corrected with an upgrade of the JBoss Web Services component.
JBPAPP-5826
JBossWS does not reuse an established SSL connection when sending multiple requests over SSL to JBoss Enterprise Web Platform. This means an SSL handshake occurs on every request. This issue has been fixed and the SSL handshake occurs once and is reused for every subsequent request, if a local WSDL is used.