Red Hat Bugzilla – Bug 627023
jboss-as plugin should not require Internet access to manage resources
Last modified: 2015-02-01 18:26:36 EST
Description of problem:
The jboss-as plugin is designed to manage JBoss resources only running on the same machine as the agent; therefore, the plugin should not have dependencies on resources that reside somewhere else on the network or on the internet. This can be problematic today for resources such as data sources and connection factories whose configurations are stored in and parsed from XML files that can reference external resources. Consider the following snippet:
<!DOCTYPE connection-factories PUBLIC
"-//JBoss//DTD JBOSS JCA Config 1.5//EN"
When the resource configuration editor code in the jboss-as plugin sees the doctype declaration, it will attempt to fetch the referenced DTD file. We need to explicitly disable validation or do whatever else is necessary to ensure that the underlying XML parser does not make any requests across the network or internet.
I know that this is a problem in the ConnectionFactoryConfigurationEditor class in the jboss-as plugin. We need to review other classes in the plugin to see where this might be an issue. And we ought to review the jboss-as-5 plugin as well.
[master 09872c1] and [master eff5f3c] fix this - we now use JBossEntityResolver to locally resolve DTDs and XSDs referenced in XML config files parsed by the jboss-as, jboss-cache, and mod-cluster plugins - this allows these plugins to function even if the RHQ Agent cannot access the Internet.
[master cacf370] switches to an alternative solution: add SelectiveSkippingEntityResolver class to plugin-api and use that, rather than JBossEntityResolver, as the entity resolver when parsing XML config files in the jboss-as, jboss-cache, and mod-cluster plugins; SelectiveSkippingEntityResolver returns an empty InputSource for any entity whose system ID ends with ".dtd" or "xsd"; this bogus resolution effectively prevents any attempt by the parser to load DTDs or XSDs from remote URLs
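The entity-resolver approach described in the comment above, as an added example (not RHQ's SelectiveSkippingEntityResolver and not code from this bug report). The class names, the sample XML, and the `.invalid` URL are constructed for illustration, and the suffix check on ".dtd" and ".xsd" is an assumption about how such a resolver would be written.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;

public class OfflineConfigParse {
    /** Hypothetical resolver: answers DTD/XSD lookups with empty content. */
    static class SkipSchemaResolver implements EntityResolver {
        final List<String> skipped = new ArrayList<>();

        @Override
        public InputSource resolveEntity(String publicId, String systemId) {
            if (systemId != null && (systemId.endsWith(".dtd") || systemId.endsWith(".xsd"))) {
                skipped.add(systemId);
                // A non-null InputSource tells the parser the entity is already
                // resolved, so it never opens the URL given in systemId.
                return new InputSource(new StringReader(""));
            }
            // Caveat: null means "use default resolution", which may still
            // reach the network for external entities with other suffixes.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; ".invalid" is a reserved TLD that never resolves.
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<!DOCTYPE connection-factories PUBLIC \"-//Example//DTD Constructed Sample//EN\"\n"
            + "  \"http://dtd.example.invalid/sample.dtd\">\n"
            + "<connection-factories><tx-connection-factory>"
            + "<jndi-name>FooCF</jndi-name></tx-connection-factory></connection-factories>";

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Turning validation off is not enough on its own: a non-validating
        // parser still loads the external DTD subset unless a resolver intervenes.
        factory.setValidating(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        SkipSchemaResolver resolver = new SkipSchemaResolver();
        builder.setEntityResolver(resolver);

        Document doc = builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println("root element: " + doc.getDocumentElement().getNodeName());
        System.out.println("skipped lookups: " + resolver.skipped);
    }
}
```

Because the DTD is replaced with empty content, any default attribute values or entity declarations it would have supplied are absent from the parsed document.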
It has been decided not to include this fix in JON3, so I'm keeping this ON_QA.
QA test steps
1) setup a managed AS or EAP 4.x instance with a datasource *whose ds.xml file contains a DTD or XSD reference*, e.g. foo-ds.xml:
<?xml version="1.0" encoding="UTF-8"?>
PUBLIC "-//JBoss//DTD JBOSS JCA Config 1.5//EN"
2) disconnect the machine running the Agent from the Internet - test that it is truly disconnected by running "ping google.com" from the command line of the Agent box
3) go to the Configuration>Current subtab for the DataSource Resource corresponding to the foo datasource defined in foo-ds.xml.
4) verify the config loads without errors and is displayed in the config editor
5) edit the values of a couple properties, then save the config
6) ensure the config saves successfully with no errors
7) go back to the Configuration>Current subtab and verify that your changes "stuck"
8) open foo-ds.xml and verify that the changes were made and that the file is not corrupt
verified in master
Moving to verified.
Bulk close of old bugs in VERIFIED state.