You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "sunil kumar (JIRA)" <ji...@apache.org> on 2018/11/16 04:01:00 UTC

[jira] [Reopened] (AMQ-7099) After upgrading activemq 5.5.1 to activemq 5.13.1, issues with java.security.Security.insertProviderAt/org.apache.activemq.broker.BrokerService

     [ https://issues.apache.org/jira/browse/AMQ-7099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

sunil kumar reopened AMQ-7099:
------------------------------

How this can be closed without proper resolution.

Thanks,

> After upgrading activemq 5.5.1 to activemq 5.13.1, issues with  java.security.Security.insertProviderAt/org.apache.activemq.broker.BrokerService
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-7099
>                 URL: https://issues.apache.org/jira/browse/AMQ-7099
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.13.1
>         Environment: OS: All platforms 
> Products involved are :
> WAS 8.5.5.9 - 8.5.5.14
> LDAP/Active directory
> JazzSM(DASH) 3.1.3 CP5 -CP7
>            Reporter: sunil kumar
>            Priority: Blocker
>
> We upgraded activemq 5.5.1 to activemq 5.13.1 to over come the security vulnerable to CVE-2015-5254 and CVE-2014-3612. for ref: here are the links for each CVE: [http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2]
>  [http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2]
>  
> After upgrading we hit with following issues while getting LDAP user informations .
> Following are the stack trace :
> *16:06:07.353 0x33fb300 j9trc_aux.0 - jstacktrace:*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [1] java.security.Security.insertProviderAt (Security.java:369)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [2] org.apache.activemq.broker.BrokerService.<clinit> (BrokerService.java:275)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [3] com.ibm.tivoli.rest.event.amq.AMQPropertiesBrokerFactory.createBroker (AMQPropertiesBrokerFactory.java:30)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [4] org.apache.activemq.broker.BrokerFactory.createBroker (BrokerFactory.java:71)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [5] org.apache.activemq.broker.BrokerFactory.createBroker (BrokerFactory.java:54)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [6] com.ibm.tivoli.rest.event.amq.AMQEventRouterFactory.startBroker (AMQEventRouterFactory.java:430)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [7] com.ibm.tivoli.rest.event.amq.AMQEventRouterFactory.start (AMQEventRouterFactory.java:151)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [8] com.ibm.tivoli.rest.event.EventRouterFactory.getInstance (EventRouterFactory.java:43)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [9] com.ibm.tivoli.rest.amq.AjaxServlet.<init> (AjaxServlet.java:59)*
>  *16:06:07.353 0x33fb300 j9trc_aux.1 - [10] java.lang.J9VMInternals.newInstanceImpl (Native Method)*
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [11] java.lang.Class.newInstance (Class.java:1843) (Compiled Code)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [12] java.beans.Beans.instantiate (Beans.java:240)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [13] java.beans.Beans.instantiate (Beans.java:88)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [14] com.ibm.ws.webcontainer.servlet.ServletWrapper$1.run (ServletWrapper.java:1489)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [15] com.ibm.ws.security.util.AccessController.doPrivileged (AccessController.java:118) (Compiled Code)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [16] com.ibm.ws.webcontainer.servlet.ServletWrapper.loadServlet (ServletWrapper.java:1478)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [17] com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck (ServletWrapper.java:1357)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [18] com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions (WebApp.java:642)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [19] com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally (WebApp.java:608)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [20] com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize (WebAppImpl.java:426)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [21] com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication (WebGroupImpl.java:88)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [22] com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication (VirtualHostImpl.java:171)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [23] com.ibm.ws.webcontainer.WSWebContainer.addWebApp (WSWebContainer.java:904)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [24] com.ibm.ws.webcontainer.WSWebContainer.addWebApplication (WSWebContainer.java:789)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [25] com.ibm.ws.webcontainer.component.WebContainerImpl.install (WebContainerImpl.java:427)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [26] com.ibm.ws.webcontainer.component.WebContainerImpl.start (WebContainerImpl.java:719)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [27] com.ibm.ws.runtime.component.ApplicationMgrImpl.start (ApplicationMgrImpl.java:1211)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [28] com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart (DeployedApplicationImpl.java:1450)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [29] com.ibm.ws.runtime.component.DeployedModuleImpl.start (DeployedModuleImpl.java:639)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [30] com.ibm.ws.runtime.component.DeployedApplicationImpl.start (DeployedApplicationImpl.java:1032)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [31] com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication (ApplicationMgrImpl.java:795)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [32] com.ibm.ws.runtime.component.ApplicationMgrImpl$5.run (ApplicationMgrImpl.java:2279)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [33] com.ibm.ws.security.auth.ContextManagerImpl.runAs (ContextManagerImpl.java:5572)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [34] com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem (ContextManagerImpl.java:5698)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [35] com.ibm.ws.security.core.SecurityContext.runAsSystem (SecurityContext.java:255)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [36] com.ibm.ws.runtime.component.ApplicationMgrImpl.start (ApplicationMgrImpl.java:2284)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [37] com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start (CompositionUnitMgrImpl.java:436)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [38] com.ibm.ws.runtime.component.CompositionUnitImpl.start (CompositionUnitImpl.java:123)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [39] com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start (CompositionUnitMgrImpl.java:379)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [40] com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500 (CompositionUnitMgrImpl.java:127)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [41] com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run (CompositionUnitMgrImpl.java:985)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [42] com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run (WsComponentImpl.java:524)
>  16:06:07.353 0x33fb300 j9trc_aux.1 - [43] com.ibm.ws.util.ThreadPool$Worker.run (ThreadPool.java:1892)
>  16:06:07.353 0x33fb300 mt.9 < java/security/Security.insertProviderAt(Ljava/security/Provider;I)I bytecode static method
>  
> If we rollback to old ActiveMq Jars(i.e 5.5.1) its working fine. 
> Please help us in identifying and fixing this issue.
> Products involved are :
> WAS 8.5.5.9 - 8.5.5.14
> LDAP/Active directory
> JazzSM(DASH) 3.1.3 CP5 -CP7
> ActiveMQ 5.13.1
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)