[JBoss JIRA] Created: (JBESB-2120) JaasSecurityService configured multiple times
by Kevin Conner (JIRA)
JaasSecurityService configured multiple times
---------------------------------------------
Key: JBESB-2120
URL: https://jira.jboss.org/jira/browse/JBESB-2120
Project: JBoss ESB
Issue Type: Task
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: 4.4 CP1
Reporter: Kevin Conner
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
The JaasSecurityService is initialised and refreshed with every action processing pipeline that contains a security configuration. This should really be a one-off configuration.
Also, the service is modifying the JAAS configuration by setting properties and then creating an instance of a SUN private class. We should be using the normal mechanism to specify these policies, i.e. through login-config.xml.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 6 months
[JBoss JIRA] Created: (JBESB-2121) Replace crypto util with sealed object
by Kevin Conner (JIRA)
Replace crypto util with sealed object
--------------------------------------
Key: JBESB-2121
URL: https://jira.jboss.org/jira/browse/JBESB-2121
Project: JBoss ESB
Issue Type: Task
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: 4.4 CP1
Reporter: Kevin Conner
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
The crypto util classes are used to encrypt the SecurityContext but we should be able to use a SealedObject.
The util also relies on having a keystore configured but it would be sufficient to have the key(s) automatically generated on startup and use this to encrypt the session information.
Another issue with the class is that the encrypt/decrypt methods repeatedly encrypt the serialised data in chunks but the encrypt/decrypt sizes are very dependent on the block cipher in use (currently RSA). If the configuration specifies a different cipher then this is likely to fail. If we can move to a SealedObject then this should no longer be an issue.
15 years, 6 months
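An added example (not code from JBoss ESB or from the issue above) of the approach JBESB-2121 proposes: a key generated at startup and a SealedObject in place of hand-chunked encryption. The SessionContext class, the AES key size and the two transformations are assumptions chosen for illustration.

```java
import java.io.Serializable;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SealedContextExample {
    /** Hypothetical stand-in for the ESB SecurityContext (not the project's class). */
    static final class SessionContext implements Serializable {
        private static final long serialVersionUID = 1L;
        final String principal;
        final long expiresAtMillis;
        final byte[] attributes = new byte[4096]; // far larger than one RSA block

        SessionContext(String principal, long expiresAtMillis) {
            this.principal = principal;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    // Generated once at startup and held only in memory: no keystore required.
    private static final SecretKey KEY = newKey();

    private static SecretKey newKey() {
        try {
            KeyGenerator generator = KeyGenerator.getInstance("AES");
            generator.init(128);
            return generator.generateKey();
        } catch (Exception e) {
            throw new IllegalStateException("AES key generation failed", e);
        }
    }

    static SealedObject seal(Serializable context, String transformation) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, KEY);    // provider picks a fresh random IV
        return new SealedObject(context, cipher); // serialises and encrypts in one call
    }

    static SessionContext unseal(SealedObject sealed) throws Exception {
        // The algorithm name and IV travel inside the SealedObject; only the key is supplied.
        return (SessionContext) sealed.getObject(KEY);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; the same code path serves both transformations.
        for (String t : new String[] {"AES/GCM/NoPadding", "AES/CBC/PKCS5Padding"}) {
            SessionContext in = new SessionContext("alice", System.currentTimeMillis() + 60_000L);
            SessionContext out = unseal(seal(in, t));
            System.out.println(t + " -> " + out.principal + ", " + out.attributes.length + " bytes");
        }
    }
}
```

Because the key lives only in this JVM, sealed contexts cannot be opened after a restart or by another node. With the GCM transformation a tampered ciphertext is rejected before deserialisation runs, which the CBC transformation does not guarantee.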
[JBoss JIRA] Created: (JBESB-2090) Getting Started Guide not in sync with helloworld QS
by Jaroslaw Kijanowski (JIRA)
Getting Started Guide not in sync with helloworld QS
----------------------------------------------------
Key: JBESB-2090
URL: https://jira.jboss.org/jira/browse/JBESB-2090
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Documentation
Affects Versions: 4.4 CP1
Reporter: Jaroslaw Kijanowski
In both pictures, following changes should be applied:
queue/quickstart_helloworld_Request ->
queue/quickstart_helloworld_Request_gw
queue/B ->
queue/quickstart_helloworld_Request_esb
FirstService:JMSService ->
FirstServiceESB:SimpleListener
page 10:
The "FirstService:SimpleListener" ESB Aware Service Listener... ->
The "FirstServiceESB:SimpleListener" ESB Aware Service Listener...
listens for "ESB Aware" messages on "queue/quickstart_helloworld_Request_gw". ->
listens for "ESB Aware" messages on "queue/quickstart_helloworld_Request_esb". ->
page 12:
... messages are put on the bus, the "FirstService:SimpleJMSService" Service is registered ... ->
... messages are put on the bus, the "FirstServiceESB:SimpleListener" Service is registered ...
This works out to be JMS Queue "queue/quickstart_helloworld_Request_gw" ->
This works out to be JMS Queue "queue/quickstart_helloworld_Request_esb"
The JMS Gateway Listener "adapts" the message into an ESB Aware message and places it into JMS Queue "queue/=quickstart_helloworld_Request_gw" ->
The JMS Gateway Listener "adapts" the message into an ESB Aware message and places it into JMS Queue "queue/quickstart_helloworld_Request_esb"
15 years, 6 months
[JBoss JIRA] Created: (JBESB-2126) JBoss security credentials not always initialised
by Kevin Conner (JIRA)
JBoss security credentials not always initialised
-------------------------------------------------
Key: JBESB-2126
URL: https://jira.jboss.org/jira/browse/JBESB-2126
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: 4.4 CP1
Reporter: Kevin Conner
Fix For: 4.4 CP1
The JBoss security credentials are not always propagated.
The current code is pushing the context within the authentication but there are a couple of issues with this.
- authentication is not always performed (if a security context exists)
- there is no attempt to 'pop' these credentials when finished.
This functionality should be pushed into the pipeline, through an implementation(s) configured from jbossesb-properties.xml, and wrap the execution.
15 years, 6 months
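An added example (not JBoss ESB code) modelling the two problems listed in JBESB-2126 and the wrapping fix it asks for. The per-thread stack and all method names are hypothetical stand-ins for the container's security association.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.Callable;

public class CredentialScopeExample {
    // Hypothetical per-thread credential stack (stand-in for the container's own).
    private static final ThreadLocal<Deque<String>> STACK =
            ThreadLocal.withInitial(ArrayDeque::new);

    static String currentPrincipal() {
        return STACK.get().peek(); // null when nothing has been pushed
    }

    /** Model of the reported behaviour: push only while authenticating, never pop. */
    static String processUnscoped(String principal, boolean contextExists,
                                  Callable<String> action) throws Exception {
        if (!contextExists) {
            STACK.get().push(principal); // skipped when a security context already exists
        }
        return action.call();            // nothing is popped afterwards
    }

    /** Wrapping form: credentials are pushed for every execution and always popped. */
    static String processScoped(String principal, Callable<String> action) throws Exception {
        STACK.get().push(principal);
        try {
            return action.call();
        } finally {
            STACK.get().pop();
        }
    }

    public static void main(String[] args) throws Exception {
        Callable<String> action = CredentialScopeExample::currentPrincipal;

        // One pooled thread handling three constructed messages in turn.
        System.out.println(processUnscoped("bob", true, action));    // null: not propagated
        System.out.println(processUnscoped("alice", false, action)); // alice
        System.out.println(processUnscoped("bob", true, action));    // alice: stale credentials

        STACK.remove(); // reset the thread before showing the wrapped form
        System.out.println(processScoped("alice", action)); // alice
        System.out.println(processScoped("bob", action));   // bob
        System.out.println(currentPrincipal());             // null: nothing left behind
    }
}
```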
[JBoss JIRA] Created: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
by Martin Vecera (JIRA)
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Attachments: security_ejb.tar.bz2
It is not possible to call a secured EJB (secured with annotations, see attached file) from a secured ESB service.
The ESB's security context is passed - comment out security annotations @SecurityDomain and @RolesAllowed in ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
15 years, 6 months
[JBoss JIRA] Created: (JBESB-2108) InVM issues
by Kevin Conner (JIRA)
InVM issues
-----------
Key: JBESB-2108
URL: https://jira.jboss.org/jira/browse/JBESB-2108
Project: JBoss ESB
Issue Type: Task
Security Level: Public (Everyone can see)
Components: Transports
Affects Versions: 4.4
Reporter: Kevin Conner
The InVMCourier contains a notion of active state but the handling of this is inconsistent and error prone.
The courier is created in the active state and can only be disabled when the associated service is unregistered. Unfortunately the courier is *always* enabled when it is retrieved from the CourierFactory.
This can lead to inconsistent behaviour on behalf of the users of the courier as the disabled courier can be enabled when anyone retrieves a new courier for the service.
This is further compounded by the fact that the courier names are not unique. The name is derived from a concatenation of the category/name but this can clash when multiple ESBs expose the same service in the same VM. It can also clash with other services that happen to generate the same concatenation.
15 years, 6 months