[JBoss JIRA] (WFLY-3696) Security domain configuration doesn't allow empty or missing login-module-stack
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-3696?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-3696:
-----------------------------------------------
Chao Wang <chaowan(a)redhat.com> changed the Status of [bug 901075|https://bugzilla.redhat.com/show_bug.cgi?id=901075] from ASSIGNED to POST
> Security domain configuration doesn't allow empty or missing login-module-stack
> -------------------------------------------------------------------------------
>
> Key: WFLY-3696
> URL: https://issues.jboss.org/browse/WFLY-3696
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: 8.1.0.Final
> Reporter: Chao Wang
> Assignee: Chao Wang
>
> https://bugzilla.redhat.com/show_bug.cgi?id=901075 description:
> project_key: JBPAPP6
> Adding a security domain with JASPI authentication fails if there is no (or is empty) login-module-stack. It should be possible to add custom ServerAuthModule, which doesn't use JAAS login modules.
> {code:xml}
> <security-domain name="jmx-console" cache-type="default">
> <authentication-jaspi>
> <!-- FIXME: the not empty login-module-stack must be provided even it's not used -->
> <login-module-stack name="lm-stack">
> <login-module code="UsersRoles" flag="required"/>
> </login-module-stack>
> <auth-module code="org.jboss.example.CustomServerAuthModule" flag="required">
> <module-option name="option1" value="value1" />
> </auth-module>
> </authentication-jaspi>
> </security-domain>
> {code}
> It should be possible to remove here the login-module-stack element.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
11 years, 4 months
- 1
- 0
[JBoss JIRA] (WFLY-122) Clean unreferenced deployments from the content repository
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-122?page=com.atlassian.jira.plugin.s... ]
RH Bugzilla Integration commented on WFLY-122:
----------------------------------------------
James Livingston <jlivings(a)redhat.com> changed the Status of [bug 1124689|https://bugzilla.redhat.com/show_bug.cgi?id=1124689] from NEW to CLOSED
> Clean unreferenced deployments from the content repository
> ----------------------------------------------------------
>
> Key: WFLY-122
> URL: https://issues.jboss.org/browse/WFLY-122
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Reporter: Brian Stansberry
> Fix For: 9.0.0.CR1
>
>
> The algorithm for removing unused deployments from the content repository is based on doing this as part of undeploy operation execution. This doesn't cover cases where the content is never explicitly undeployed. For example:
> 1) Scanner content that is updated when the server is offline; the old content will not have been "undeployed" during shutdown, and on startup the new content will be installed.
> 2) Similar issues with deployments generated from module resources (see "A Mixed Approach on https://community.jboss.org/wiki/ExtendingAS7). When the server shuts down, there is no "subsystem remove" as part of shutdown, so the content added during start will not be removed.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
11 years, 4 months
- 1
- 0
[JBoss JIRA] (WFLY-122) Clean unreferenced deployments from the content repository
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-122?page=com.atlassian.jira.plugin.s... ]
RH Bugzilla Integration updated WFLY-122:
-----------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1124689, https://bugzilla.redhat.com/show_bug.cgi?id=1018026 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1124689)
> Clean unreferenced deployments from the content repository
> ----------------------------------------------------------
>
> Key: WFLY-122
> URL: https://issues.jboss.org/browse/WFLY-122
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Reporter: Brian Stansberry
> Fix For: 9.0.0.CR1
>
>
> The algorithm for removing unused deployments from the content repository is based on doing this as part of undeploy operation execution. This doesn't cover cases where the content is never explicitly undeployed. For example:
> 1) Scanner content that is updated when the server is offline; the old content will not have been "undeployed" during shutdown, and on startup the new content will be installed.
> 2) Similar issues with deployments generated from module resources (see "A Mixed Approach on https://community.jboss.org/wiki/ExtendingAS7). When the server shuts down, there is no "subsystem remove" as part of shutdown, so the content added during start will not be removed.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
11 years, 4 months
- 1
- 0