Bug 627023 - jboss-as plugin should not require Internet access to manage resources
Summary: jboss-as plugin should not require Internet access to manage resources
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RHQ Project
Classification: Other
Component: Plugins
Version: 4.2
Hardware: All
OS: All
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: RHQ 4.3.0
Assignee: Charles Crouch
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On:
Blocks: jon30-bugs 847379
 
Reported: 2010-08-24 21:35 UTC by John Sanda
Modified: 2015-02-01 23:26 UTC (History)

Fixed In Version: 4.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-31 10:14:00 UTC
Embargoed:



Description John Sanda 2010-08-24 21:35:40 UTC
Description of problem:
The jboss-as plugin is designed to manage JBoss resources only running on the same machine as the agent; therefore, the plugin should not have dependencies on resources that reside somewhere else on the network or the internet. This can be problematic today for resources such as data sources and connection factories whose configurations are stored in and parsed from XML files that can reference external resources. Consider the following snippet,

<!DOCTYPE connection-factories PUBLIC
          "-//JBoss//DTD JBOSS JCA Config 1.5//EN"
          "http://www.jboss.org/j2ee/dtd/jboss-ds_1_5.dtd">
<connection-factories>
  ...
</connection-factories>

When the resource configuration editor code in the jboss-as plugin sees the doctype declaration, it will attempt to fetch the referenced DTD file. We need to explicitly disable validation or do whatever else is necessary to ensure that the underlying XML parser does not make any requests across the network or internet.

I know that this is a problem in the ConnectionFactoryConfigurationEditor class in the jboss-as plugin. We need to review other classes in the plugin to see where this might be an issue. And we ought to review the jboss-as-5 plugin as well.


Comment 2 Ian Springer 2011-11-08 16:17:03 UTC
[master 09872c1] and [master eff5f3c] fix this - we now use JBossEntityResolver to locally resolve DTDs and XSDs referenced in XML config files parsed by the jboss-as, jboss-cache, and mod-cluster plugins - this allows these plugins to function even if the RHQ Agent cannot access the Internet.

http://git.fedorahosted.org/git?p=rhq/rhq.git;a=commitdiff;h=09872c1
http://git.fedorahosted.org/git?p=rhq/rhq.git;a=commitdiff;h=eff5f3c

Comment 3 Ian Springer 2011-11-09 21:18:40 UTC
[master cacf370] switches to an alternative solution: add SelectiveSkippingEntityResolver class to plugin-api and use that, rather than JBossEntityResolver, as the entity resolver when parsing XML config files in the jboss-as, jboss-cache, and mod-cluster plugins; SelectiveSkippingEntityResolver returns an empty InputSource for any entity whose system ID ends with ".dtd" or "xsd"; this bogus resolution effectively prevents any attempt by the parser to load DTDs or XSDs from remote URLs

It has been decided not to include this fix in JON3, so I'm keeping this ON_QA.

Comment 4 Ian Springer 2011-11-10 15:10:42 UTC
QA test steps
=============
1) set up a managed AS or EAP 4.x instance with a datasource *whose ds.xml file contains a DTD or XSD reference*, e.g. foo-ds.xml:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE datasources
    PUBLIC "-//JBoss//DTD JBOSS JCA Config 1.5//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-ds_1_5.dtd">

<datasources>
   
   <local-tx-datasource>
      <jndi-name>foo</jndi-name>
      <use-java-context>false</use-java-context>
      <connection-url>jdbc:hsqldb:.</connection-url>
      <driver-class>org.hsqldb.jdbcDriver</driver-class>
      <user-name>sa</user-name>
      <password></password>
   </local-tx-datasource>
    
</datasources>

2) disconnect the machine running the Agent from the Internet - test that it is truly disconnected by running "ping google.com" from the command line of the Agent box
 
3) go to the Configuration>Current subtab for the DataSource Resource corresponding to the foo datasource defined in foo-ds.xml.

4) verify the config loads without errors and is displayed in the config editor

5) edit the values of a couple properties, then save the config

6) ensure the config saves successfully with no errors

7) go back to the Configuration>Current subtab and verify that your changes "stuck"

8) open foo-ds.xml and verify that the changes were made and that the file is not corrupt

Comment 5 Lukas Krejci 2011-11-24 19:52:24 UTC
verified in master

Comment 6 Jay Shaughnessy 2013-02-26 22:19:46 UTC
Moving to verified.

Comment 8 Heiko W. Rupp 2013-08-31 10:14:00 UTC
Bulk close of old bugs in VERIFIED state.

