infinispan-dev March 2017

infinispan-dev@lists.jboss.org

20 participants
34 discussions

by Vladimir Blagojevic

Guys, I am on PTO (March 6th-8th). Here is my weekly update: ISPN-7228 - Fixed a minor issue where an invalid schema got added anyway ISPN-7544 - Server cards do not indicate correct status in some cases All server states are properly indicated on the card now. We also adjusted an action menu for servers to accommodate all possible states (we handle reload-required and restart-required now) ISPN-7477 Parsing of all endpoints including multi tenant router endpoints. Currently on PR queue at https://github.com/infinispan/infinispan-management-console/pull/192 I also completed console sketches for initial proposal and basic use cases for endpoints. PR is at https://github.com/infinispan/infinispan-console-mockup/pull/15 Infinispan 9.1 document plan has been updated to reflect basic endpoints use cases. I'll add more use cases this week. Document is at https://docs.google.com/document/d/1ot7m0e1lslc7mA1f2ArN4f4YeT8vbFUafXail... Vladimir

7 years, 2 months

1
0
0 / 0

JDK 9 EA Build 159 and JDK 8u152 is available on java.net

by Rory O'Donnell

Hi Galder, *JDK 8u152 **Early Access b01 <https://jdk8.java.net/download.html> *is available on java.net *JDK 9 Early Access* b159 <https://jdk9.java.net/download/> is available on java.net, summary of changes are listed here <http://download.java.net/java/jdk9/changes/jdk-9+159.html>. There have been a number of fixes to bugs reported by Open Source projects since the last availability email : * b159 - JDK-8175261 : Per-protocol cache setting not working for JAR URLConnection * b158 - JDK-8173028 : Incorrect processing of supplementary-plane characters in text fields * b158 - JDK-8172967 : [macosx] Exception while working with layout for text containing unmappable character * b158 - JDK-8173804 : javadoc throws UnsupportedOperationException: should not happen * b157 - JDK-8174073 : NPE caused by @link reference to class * b156 - JDK-8172726 : ForkJoin common pool retains a reference to the thread context class loader The following changeset is included in jdk-9+158: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/8b0d55e02f54 If you have a user-defined Policy implementation that grants FilePermission on ${user.dir}/-, reading a file in the current directory using its base name will fail. Still the same solution: Ensure that the path used in permission granting has the same style as the one how you access the file. Setting -Djdk.security.filePermCompat=true will take you back to the jdk-9+140 behavior. Setting -Djdk.io.permissionsUseCanonicalPath=true will take you back to the jdk8 behavior. Feedback is welcome on jdk9-dev(a)openjdk.java.net Other areas of interest * JDK 9 Developer Guide [1] * JDK 9 Migration Guide [2] * JDK Cryptographic Roadmap [3] Finaly, Dalibor and I gave a presentation at FOSDEM the video is available here [*4*] Rgds,Rory [1] http://docs.oracle.com/javase/9/javase-docs.htm [2] https://docs.oracle.com/javase/9/migrate/toc.htm#JSMIG-GUID-7744EF96-5899... [3] https://www.java.com/en/jre-jdk-cryptoroadmap.html [4] https://fosdem.org/2017/schedule/event/outreach/ -- Rgds,Rory O'Donnell Quality Engineering Manager Oracle EMEA , Dublin, Ireland

7 years, 2 months

1
0
0 / 0

SASL noanonymous policy

by Vojtech Juranek

Hi, the behaviour of HR authentication handler has changed recently [1]. Now, if HR authentication is enabled, anonymous access over HR is disabled unless SASL property NOANONYMOUS is set to false. While I agree that disabling anonymous access by default is reasonable, on the other hand I find this approach confusing for 2 reasons: * my understanding of ISPN security mode was that "what is not explicitly forbidden it's allowed" (this is itself IMHO quite confusing, but OK) - e.g. if the security is defined on cache container level, access to all caches is granted to anyone, unless security is defined also for given cache. Recent change takes different approach "what is not explicitly allowed is forbidden", IMHO making whole security configuration even more confusing for the users. * SASL policy is actually intended for SASL mechanism negotiation (see e.g. "How SASL Mechanisms are Installed and Selected" in [2]) so that it doesn't have to be specified explicitly and shouldn't be used in server logic. Using it in sever logic can be again quite confusing for users and, even worse, can result into security flaws - e.g. admin which expects that EXTERNAL authentication will be used will set SASL policy to NOANONYMOUS and the side effect would be that any unsecured cache can be access by any (non authenticated!) user. IMHO HR authentication handler should be rewritten so that is just passes SASL policy to SASL server and don't use it in sever logic and we also should sick with one approach "what is not allowed is forbidden" or "what is not forbidden is allowed" and we should use it consistently everywhere where security comes into the play. Thoughts? Thanks Vojta [1] https://github.com/infinispan/infinispan/commit/ edaf39bd09a52a37f28abe9fdc29ee3214d6c256 [2] https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl...

7 years, 2 months

2
2
0 / 0

Have a look at the new HealthCheck API blog post

by Sebastian Laskawiec

http://blog.infinispan.org/2017/03/checking-infinispan-cluster-health-and...

7 years, 2 months

1
0
0 / 0

← Newer
1
2
3
4
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

infinispan-dev March 2017