[JBoss JIRA] (ISPN-4112) RHQ library plugin: restart cache -- availability report DOWN but cache running
by William Burns (JIRA)
[ https://issues.jboss.org/browse/ISPN-4112?page=com.atlassian.jira.plugin.... ]
William Burns reassigned ISPN-4112:
-----------------------------------
Assignee: William Burns (was: Mircea Markus)
> RHQ library plugin: restart cache -- availability report DOWN but cache running
> -------------------------------------------------------------------------------
>
> Key: ISPN-4112
> URL: https://issues.jboss.org/browse/ISPN-4112
> Project: Infinispan
> Issue Type: Bug
> Components: JMX, reporting and management
> Affects Versions: 6.0.1.Final, 7.0.0.Alpha1
> Reporter: Tomas Sykora
> Assignee: William Burns
>
> When we explicitly call STOP operation on particular cache using RHQ UI, this operation is successfully issued and cache is stopped.
> Then, we can issue START operation as well.
> Cache is started but RHQ is still not-correctly reporting that cache is DOWN and unavailable.
> I will investigate this issue, this is just for proper heads up and for tracking purposes.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
9 years, 10 months
[JBoss JIRA] (ISPN-4316) The client is tried for "SSL Peer Authentication" even though encryption's require-ssl-client-auth is set to false
by Galder Zamarreño (JIRA)
[ https://issues.jboss.org/browse/ISPN-4316?page=com.atlassian.jira.plugin.... ]
Galder Zamarreño updated ISPN-4316:
-----------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request: https://github.com/infinispan/infinispan/pull/2575
> The client is tried for "SSL Peer Authentication" even though encryption's require-ssl-client-auth is set to false
> ------------------------------------------------------------------------------------------------------------------
>
> Key: ISPN-4316
> URL: https://issues.jboss.org/browse/ISPN-4316
> Project: Infinispan
> Issue Type: Bug
> Components: Security, Server
> Affects Versions: 7.0.0.Alpha4
> Reporter: Vijay Bhaskar Chintalapati
> Assignee: Tristan Tarrant
> Fix For: 7.0.0.Alpha5
>
>
> Consider the scenario:
> - The client enables the authentication thru ConfigurationBuilder (i.e cb.security().authentication())
> - The Server's SSL configuration doesn't require client authentication (i.e require-ssl-client-auth="false") and in addition the security-realm's <authentication .../> doesn't include a <truststore .../>
> In such a scenario the client is unable to authenticate as the following exception is thrown in the server side logs:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> One sided communication encryption (with client storing server's certificate in its trust store) should be supported particularly when the client wants to authenticate via credentials
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
9 years, 10 months
[JBoss JIRA] (ISPN-4316) The client is tried for "SSL Peer Authentication" even though encryption's require-ssl-client-auth is set to false
by Galder Zamarreño (JIRA)
[ https://issues.jboss.org/browse/ISPN-4316?page=com.atlassian.jira.plugin.... ]
Galder Zamarreño updated ISPN-4316:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 7.0.0.Alpha5
Resolution: Done
> The client is tried for "SSL Peer Authentication" even though encryption's require-ssl-client-auth is set to false
> ------------------------------------------------------------------------------------------------------------------
>
> Key: ISPN-4316
> URL: https://issues.jboss.org/browse/ISPN-4316
> Project: Infinispan
> Issue Type: Bug
> Components: Security, Server
> Affects Versions: 7.0.0.Alpha4
> Reporter: Vijay Bhaskar Chintalapati
> Assignee: Tristan Tarrant
> Fix For: 7.0.0.Alpha5
>
>
> Consider the scenario:
> - The client enables the authentication thru ConfigurationBuilder (i.e cb.security().authentication())
> - The Server's SSL configuration doesn't require client authentication (i.e require-ssl-client-auth="false") and in addition the security-realm's <authentication .../> doesn't include a <truststore .../>
> In such a scenario the client is unable to authenticate as the following exception is thrown in the server side logs:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> One sided communication encryption (with client storing server's certificate in its trust store) should be supported particularly when the client wants to authenticate via credentials
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
9 years, 10 months
[JBoss JIRA] (ISPN-4313) If Hotrod Server encryption's require-ssl-client-auth is set to true, <truststore .. /> existence must be checked
by Galder Zamarreño (JIRA)
[ https://issues.jboss.org/browse/ISPN-4313?page=com.atlassian.jira.plugin.... ]
Galder Zamarreño updated ISPN-4313:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 7.0.0.Alpha5
Resolution: Done
> If Hotrod Server encryption's require-ssl-client-auth is set to true, <truststore .. /> existence must be checked
> -----------------------------------------------------------------------------------------------------------------
>
> Key: ISPN-4313
> URL: https://issues.jboss.org/browse/ISPN-4313
> Project: Infinispan
> Issue Type: Bug
> Components: Configuration, Security, Server
> Affects Versions: 7.0.0.Alpha4
> Reporter: Vijay Bhaskar Chintalapati
> Assignee: Tristan Tarrant
> Priority: Critical
> Fix For: 7.0.0.Alpha5
>
>
> Currently the Infinispan Server can be configured with SSL encryption such that it requires the client to authenticate itself to the server for the purposes of encryption. This can be done by setting the attribute require-ssl-client-auth="true" as shown below.
> <hotrod-connector socket-binding="hotrod" cache-container="security">
> ....
> <encryption security-realm="ApplicationRealm" require-ssl-client-auth="true"/>
> ....
> </hotrod>
> But when that attribute is set to "true" a check should be enforced to check the existence of the the <truststore .. /> element exists in secruity-realm's <authentication>.
> If the check on the configuration fails, the server should throw and error on bootup rather than fail when client connections start to come in.
> Currently when the require-ssl-client-auth="true" and there is no <truststore../> configured, client connections fail and the exception below is thrown in the server's logs:
> javax.net.ssl.SSLHandshakeException: null cert chain
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
9 years, 10 months
[JBoss JIRA] (ISPN-4302) Set default isolation level to READ_COMMITTED in server
by Galder Zamarreño (JIRA)
[ https://issues.jboss.org/browse/ISPN-4302?page=com.atlassian.jira.plugin.... ]
Galder Zamarreño updated ISPN-4302:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 7.0.0.Final
Resolution: Done
> Set default isolation level to READ_COMMITTED in server
> -------------------------------------------------------
>
> Key: ISPN-4302
> URL: https://issues.jboss.org/browse/ISPN-4302
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Reporter: Martin Gencur
> Assignee: Martin Gencur
> Fix For: 7.0.0.Final, 7.0.0.Alpha4
>
>
> When <locking> configuration element is present in server configuration but isolation is not specified, the resulting value for isolation will be REPEATABLE_READ - this is inconsistent with library mode and further, REPEATABLE_READ is not a valid value in the server distribution as the server does not support transactions.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
9 years, 10 months