[TASK] Java 17 Upgrade Server + Client, Upgrade auf Wildfly 26

j-dimension commented 1 year ago

Benötigt für KSW Toolkit BRAK empfiehlt Liberica Full JDK 17.0.7+7 x86 64

offene Punkte Wildfly 26:

[x] Installer Server: Windows Install
[x] Installer Server: Windows Update
[x] Installer Server: Linux Install
[x] Installer Server: Linux Update
[x] Installer Server: Mac Install
[x] Installer Server: Mac Update
[x] Installer Server: j-lawyer.BOX
[x] Installer Server: j-lawyer.BOX muss Managementkonsole updaten, wenn nicht lauffähig auf neuem Wildfly
[x] Installer Server (Windows): prüfen, ob mitgeliefertes JRE verwendet wird
[x] Installer Server (Linux): prüfen, ob mitgeliefertes JRE verwendet wird - FEHLER! nutzt noch System-JDK
[x] Installer Server (Mac): prüfen, ob mitgeliefertes JRE verwendet wird
[x] Installer Client: Windows Install
[x] Installer Client: Windows Update
[x] Installer Client: Linux Install
[x] Installer Client: Linux Update
[x] Installer Client: Mac Install
[x] Installer Client: Mac Update
[x] Installer Client: Mac Crash unter High Sierra (ab Monterey sollte es keine Probleme geben)
[ ] Verschlüsselung DB-Passwort
[x] Test Credentials-Caching und Methode flushUserCache - erledigt, flush scheint nicht mehr notwendig zu sein
[x] Konfiguration Hashing für DB-Security
[x] MDBs prüfen (SearchIndexProcessor)
[x] nicht mehr unterstützt: security-domain in jboss-app.xml (j-lawyer-server, j-lawyer-io, j-lawyer-server-io)
[x] securitydomain-annotation überall anwenden
[x] Docker
[x] Detailkonfigrationen Datenbank (retry, ...)
[x] RESTEasy-Fehler debuggen - Erkenntnis: wenn nach Wildfly-Startup erst der remote EJB client den REST client triggert, dann Fehler. Wenn der TimerTask via AutostartServlet zuerst den REST client triggert, gibt es keine Probleme.

j-dimension commented 11 months ago

relativ nah an der produktiven Konfig, nur mit SCRAM statt DIGEST-SHA-256:

/subsystem=elytron/jdbc-realm=jlawyer-jdbc-realm:add(principal-query=[{sql="SELECT PASSWORD, SALT, ITERATION_COUNT FROM USERS WHERE USERNAME = ?", data-source="jlawyerdb", scram-mapper={password-index=1, salt-index=2, iteration-count-index=3}},{sql="SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?", data-source="jlawyerdb", attribute-mapping=[{index=1, to=roles}]}])

/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute="roles")

/subsystem=elytron/security-domain=jlawyer-security-domain:add(default-realm=jlawyer-jdbc-realm, permission-mapper=default-permission-mapper, realms=[{realm=jlawyer-jdbc-realm, role-decoder=from-roles-attribute}])

/subsystem=ejb3/application-security-domain=jlawyer-application-security-domain:add(security-domain=jlawyer-security-domain)

/subsystem=elytron/sasl-authentication-factory=jlawyer-sasl-authentication-factory:add(sasl-server-factory=configured, security-domain=jlawyer-security-domain, mechanism-configurations=[{mechanism-name=SCRAM-SHA-256, mechanism-realm-configurations=[{realm-name=jlawyer-jdbc-realm}]}])

/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory,value=jlawyer-sasl-authentication-factory)

j-dimension commented 11 months ago

DB-Passwort verschlüsseln:

<subsystem xmlns="urn:wildfly:elytron:14.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    ...
    <credential-stores>
        <credential-store name="myCredentialStore" relative-to="jboss.server.data.dir" path="credential-store.jceks"/>
    </credential-stores>
    ...
</subsystem>

CLI: /subsystem=elytron/credential-store=myCredentialStore:add-alias(alias=dbPassword, secret-value="yourEncryptedPassword")

        <datasource jta="true" jndi-name="java:/jboss/datasources/YourDS" pool-name="YourDS" enabled="true" use-ccm="true">
            ...
            <security>
                <user-name>yourUsername</user-name>
                <credential-reference clear-text="false" store="myCredentialStore" alias="dbPassword"/>
            </security>
            ...
        </datasource>

j-dimension commented 11 months ago

Caused by: java.lang.NullPointerException: Cannot invoke "java.lang.reflect.Constructor.getParameterTypes()" because "constructor" is null
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.ConstructorInjectorImpl.<init>(ConstructorInjectorImpl.java:55)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.InjectorFactoryImpl.createConstructor(InjectorFactoryImpl.java:61)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.injectedInstance(ResteasyProviderFactoryImpl.java:1398)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryImpl$AbstractInterceptorFactory.createInterceptor(JaxrsInterceptorRegistryImpl.java:150)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryImpl$OnDemandInterceptorFactory.initialize(JaxrsInterceptorRegistryImpl.java:168)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryImpl$OnDemandInterceptorFactory.checkInitialize(JaxrsInterceptorRegistryImpl.java:183)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryImpl$OnDemandInterceptorFactory.getInterceptor(JaxrsInterceptorRegistryImpl.java:193)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryImpl$AbstractInterceptorFactory.postMatch(JaxrsInterceptorRegistryImpl.java:138)
    at org.jboss.resteasy.resteasy-core@4.7.7.Final//org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryImpl.postMatch(JaxrsInterceptorRegistryImpl.java:288)
    at org.jboss.resteasy.resteasy-client@4.7.7.Final//org.jboss.resteasy.client.jaxrs.internal.ClientConfiguration.getRequestFilters(ClientConfiguration.java:120)
    at org.jboss.resteasy.resteasy-client@4.7.7.Final//org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.getRequestFilters(ClientInvocation.java:460)
    at org.jboss.resteasy.resteasy-client@4.7.7.Final//org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:759)
    at org.jboss.resteasy.resteasy-client@4.7.7.Final//org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:491)
    at org.jboss.resteasy.resteasy-client@4.7.7.Final//org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:69)
    at org.jboss.resteasy.resteasy-client@4.7.7.Final//org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder.post(ClientInvocationBuilder.java:226)
    at deployment.j-lawyer-server.ear//com.jdimension.jlawyer.epost.EpostAPI.login(EpostAPI.java:782)

j-dimension commented 11 months ago

Resteasy durch Jersey ersetzt

j-dimension commented 11 months ago

Flushing security domain cache:

https://docs.wildfly.org/26/wildscribe/subsystem/elytron/caching-realm/index.html

jlawyerorg / j-lawyer-org

[TASK] Java 17 Upgrade Server + Client, Upgrade auf Wildfly 26 #2099