[JBoss JIRA] (WFLY-9627) Update Http Core to 4.4.5 and Client to 4.5.4
by Romain Pelisse (JIRA)
[ https://issues.jboss.org/browse/WFLY-9627?page=com.atlassian.jira.plugin.... ]
Romain Pelisse updated WFLY-9627:
---------------------------------
Description:
Some utility classes have disappeared in the recent version of both libraries, which means some small part of the testsuite code needs to be modified to allow the upgrade.
Note: the upgrade needs to be performed on Wildfly Core but the code changes needed are in Wildfly.
was: Some utility classes have disappeared in the recent version of both libraries, which means some small part of the testsuite code needs to be modified to allow the upgrade.
> Update Http Core to 4.4.5 and Client to 4.5.4
> ---------------------------------------------
>
> Key: WFLY-9627
> URL: https://issues.jboss.org/browse/WFLY-9627
> Project: WildFly
> Issue Type: Component Upgrade
> Reporter: Romain Pelisse
> Assignee: Romain Pelisse
>
> Some utility classes have disappeared in the recent version of both libraries, which means some small part of the testsuite code needs to be modified to allow the upgrade.
> Note: the upgrade needs to be performed on Wildfly Core but the code changes needed are in Wildfly.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (WFLY-9627) Update Http Core to 4.4.5 and Client to 4.5.2
by Romain Pelisse (JIRA)
Romain Pelisse created WFLY-9627:
------------------------------------
Summary: Update Http Core to 4.4.5 and Client to 4.5.2
Key: WFLY-9627
URL: https://issues.jboss.org/browse/WFLY-9627
Project: WildFly
Issue Type: Component Upgrade
Reporter: Romain Pelisse
Assignee: Jason Greene
Some utility classes have disappeared in the recent version of both libraries, which means some small part of the testsuite code needs to be modified to allow the upgrade.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (WFCORE-3457) Reduce Classes in the Elytron Subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3457?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-3457:
-------------------------------------
Summary: Reduce Classes in the Elytron Subsystem (was: Minimise Classes in the Elytron Subsystem)
> Reduce Classes in the Elytron Subsystem
> ---------------------------------------
>
> Key: WFCORE-3457
> URL: https://issues.jboss.org/browse/WFCORE-3457
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha6
>
>
> We currently compile to 308 classes, as this subsystem is almost exclusively about management representation (Model and XML) rather than implementation all 308 of these classes will need to be loaded when the subsystem is installed.
> By switching to builders where we can instead of anonymous inner classes and possibly using more common classes I believe a reasonable early target could be to drop this to 200 to 250 classes, so possibly up to a 33% saving.
> Even without restructuring our resource registrations a lot of our classes exist just to logically group related resources rather than any other purpose.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (ELY-1455) DB query seen for each request using programmatic authentication
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1455:
----------------------------------
Fix Version/s: 1.2.0.Beta12
(was: 1.2.0.Beta11)
> DB query seen for each request using programmatic authentication
> -----------------------------------------------------------------
>
> Key: ELY-1455
> URL: https://issues.jboss.org/browse/ELY-1455
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Beta10
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.2.0.Beta12
>
> Attachments: elytron-bug.zip, server.log, standalone-full-ha.xml
>
>
> A user is complaining that the DB is accessed on each request.
> Jdbc-realm + FORM authentication
> {noformat}
> <jdbc-realm name="myappRealm">
> <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds">
> <attribute-mapping>
> <attribute to="Roles" index="1"/>
> </attribute-mapping>
> <simple-digest-mapper password-index="2"/>
> </principal-query>
> </jdbc-realm>
> {noformat}
> {noformat}
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
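
The trace in ELY-1455 can be checked mechanically. The following is an added example, not part of the original message or of Elytron: it counts `principalQuery` executions per request thread and lists statements that ran more than once. The function names and the sample lines are constructed, and treating one thread name as one request is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the TRACE output quoted in ELY-1455 (placeholder address).
SAMPLE = """\
2024-01-01 10:00:00,001 TRACE [org.wildfly.security] (default task-1) Executing principalQuery select password from user where email = ? with value user@example.test
2024-01-01 10:00:00,003 TRACE [org.wildfly.security] (default task-1) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value user@example.test
2024-01-01 10:00:00,004 TRACE [org.wildfly.security] (default task-1) Executing principalQuery select password from user where email = ? with value user@example.test
2024-01-01 10:00:00,005 TRACE [org.wildfly.security] (default task-1) Authorization succeed
2024-01-01 10:00:03,001 TRACE [org.wildfly.security] (default task-2) Executing principalQuery select password from user where email = ? with value user@example.test
2024-01-01 10:00:03,002 TRACE [org.wildfly.security] (default task-2) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value user@example.test
2024-01-01 10:00:03,004 TRACE [org.wildfly.security] (default task-2) Executing principalQuery select password from user where email = ? with value user@example.test
2024-01-01 10:00:03,005 TRACE [org.wildfly.security] (default task-2) Authorization succeed
"""

LINE = re.compile(
    r"^(?P<ts>.+?) TRACE \[org\.wildfly\.security\] \((?P<thread>[^)]+)\) (?P<msg>.*)$")
QUERY = re.compile(r"^Executing principalQuery (?P<sql>.+) with value (?P<value>\S+)$")


def summarize(lines):
    """Map (thread, principal) -> {'queries': total, 'repeated': SQL run more than once}."""
    counts = defaultdict(Counter)
    for raw in lines:
        # Tolerate the "> " quoting that mail archives put in front of each line.
        m = LINE.match(raw.lstrip("> ").rstrip())
        q = QUERY.match(m["msg"]) if m else None
        if q:
            counts[(m["thread"], q["value"])][q["sql"]] += 1
    return {key: {"queries": sum(c.values()),
                  "repeated": sorted(sql for sql, n in c.items() if n > 1)}
            for key, c in counts.items()}


def requeried_principals(summary):
    """Principals whose realm queries ran on more than one request thread."""
    threads = defaultdict(set)
    for thread, principal in summary:
        threads[principal].add(thread)
    return sorted(p for p, t in threads.items() if len(t) > 1)


if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    print(result)
    print(requeried_principals(result))
```
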
[JBoss JIRA] (ELY-1444) Jdbc-realm with simple digest mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1444?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1444:
----------------------------------
Fix Version/s: 1.2.0.Beta12
(was: 1.2.0.Beta11)
> Jdbc-realm with simple digest mapper
> ------------------------------------
>
> Key: ELY-1444
> URL: https://issues.jboss.org/browse/ELY-1444
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Affects Versions: 1.2.0.Beta9
> Reporter: Martin Choma
> Fix For: 1.2.0.Beta12
>
>
> This is inspired by ELY-1435, but in this case trying simple digest hash.
> This SHA-256 password hash is stored in the DB: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8
> I get these values from http://passwordsgenerator.net/sha256-hash-generator/
> {noformat}
> 17:30:50,211 DEBUG [org.wildfly.security] (default task-3) Using UsernamePasswordAuthenticationMechanism for username authentication. Realm: [Some Realm], Username: [correctUser].
> 17:30:50,211 TRACE [org.wildfly.security] (default task-3) Handling RealmCallback: selected = [Some Realm]
> 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser
> 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser]
> 17:30:50,215 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser
> 17:30:50,301 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser
> 17:30:50,306 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser
> 17:30:50,324 DEBUG [org.wildfly.security] (default task-3) User correctUser authentication failed.
> 17:30:50,324 TRACE [org.wildfly.security] (default task-3) Handling AuthenticationCompleteCallback: fail
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (ELY-1440) FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1440?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1440:
----------------------------------
Fix Version/s: 1.2.0.Beta12
(was: 1.2.0.Beta11)
> FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself.
> ----------------------------------------------------------------------------------------------
>
> Key: ELY-1440
> URL: https://issues.jboss.org/browse/ELY-1440
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta12
>
>
> This API was introduced to cover the case where authentication happens late in a request; generally that is quite a rare event.
> Even though the API may be popular it would likely happen once for a session, and for all future requests for that session the identity would be known in advance.
> At the moment by not running as the existing identity we are losing all automatic identity outflow opportunities as calls pass from the servlet container to the EJB container.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (ELY-1436) Log jdbc-realm key-mapper processing
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1436?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1436:
----------------------------------
Fix Version/s: 1.2.0.Beta12
(was: 1.2.0.Beta11)
> Log jdbc-realm key-mapper processing
> ------------------------------------
>
> Key: ELY-1436
> URL: https://issues.jboss.org/browse/ELY-1436
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta12
>
>
> A user reported a problem getting jdbc_realm to work with the bcrypt mapper. He had configured org.wildfly.security to log TRACE messages, but the log does not provide any useful information regarding mapping the password from the DB.
> In this case it seems the problem was in mixing base64 vs. modular crypt format.
> Looking into PasswordKeyMapper there is a lot of logic and a lot of steps which can go wrong. So logging some TRACE messages can hint to the user what is going on and what went wrong.
> Also I have noticed there is an unhandled exception. Please at least log some TRACE message.
> {code:java|title=PasswordKeyMapper.java}
> } catch (InvalidKeySpecException e) {
> // fall out (unlikely but possible)
> }
> {code}
> [1] https://developer.jboss.org/message/977727
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
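
ELY-1444 (a hex-encoded SHA-256 value in the password column) and ELY-1436 (base64 versus modular crypt format) both turn on how a stored password value is encoded. The following is an added example, not Elytron code and not a statement of the root cause of either issue: it classifies a stored value and shows that a hex digest decoded as base64 still parses but yields different bytes, so the comparison fails without an error. All function names are hypothetical and the check assumes an unsalted digest.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Value quoted in ELY-1444; it is the hex-encoded SHA-256 digest of the string "password".
PAGE_HASH = "5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8"

# bcrypt in modular crypt format: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt + hash.
_BCRYPT_MCF = re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")
_HEX = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


def classify_stored_password(value: str) -> str:
    """Guess the encoding of a password column value (hypothetical helper)."""
    if _BCRYPT_MCF.match(value):
        return "bcrypt-modular-crypt"
    if _HEX.match(value):  # checked before base64: hex text is often valid base64 too
        return "hex"
    try:
        base64.b64decode(value, validate=True)
        return "base64"
    except (binascii.Error, ValueError):
        return "unknown"


def decode_digest(stored: str, encoding: str) -> bytes:
    """Decode a stored digest the way a verifier configured for `encoding` would."""
    if encoding == "hex":
        return bytes.fromhex(stored)
    if encoding == "base64":
        return base64.b64decode(stored, validate=True)
    raise ValueError(f"unsupported encoding: {encoding}")


def verify_simple_digest(password: str, stored: str, encoding: str,
                         algorithm: str = "sha256") -> bool:
    """Unsalted digest check; constant-time comparison of the raw digest bytes."""
    try:
        expected = decode_digest(stored, encoding)
    except (binascii.Error, ValueError):
        return False
    actual = hashlib.new(algorithm, password.encode("utf-8")).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print(classify_stored_password(PAGE_HASH))
    print(verify_simple_digest("password", PAGE_HASH, "hex"))
    print(verify_simple_digest("password", PAGE_HASH, "base64"))
```
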