February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-8255) New EJB Authentication tests (in AS TS) fail with Elytron profile

by Josef Cacek (JIRA)

Josef Cacek created WFLY-8255: --------------------------------- Summary: New EJB Authentication tests (in AS TS) fail with Elytron profile Key: WFLY-8255 URL: https://issues.jboss.org/browse/WFLY-8255 Project: WildFly Issue Type: Bug Components: Test Suite, Security Reporter: Josef Cacek Assignee: Darran Lofthouse Priority: Critical The newly introduced authentication tests ({{AuthenticationElytronTestCase}}, {{AuthenticationTestCase}}) in {{org.jboss.as.test.integration.ejb.security}} package fail when executed with Elytron AS TS profile. {noformat} cd testsuite/integration/basic mvn clean test -Dtest=org.jboss.as.test.integration.ejb.security.Authentication\* -Delytron ... Failed tests: AuthenticationElytronTestCase.testAuthenticatedCall:15->AbstractAuthenticationTestCase.testAuthenticatedCall:206 expected:<[user1]> but was:<[anonymous]> AuthenticationElytronTestCase.testAuthentication:15->AbstractAuthenticationTestCase.testAuthentication:136 expected:<[user1]> but was:<[anonymous]> AuthenticationElytronTestCase.testAuthentication_BadPwd:15->AbstractAuthenticationTestCase.testAuthentication_BadPwd:148 Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9) AuthenticationElytronTestCase.testAuthentication_TwoBeans:15->AbstractAuthenticationTestCase.testAuthentication_TwoBeans:161 expected:<[user1]> but was:<[anonymous]> AuthenticationElytronTestCase.testAuthentication_TwoBeans_ReAuth:15->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ReAuth:174 expected:<[user1]> but was:<[anonymous]> AuthenticationElytronTestCase.testAuthentication_TwoBeans_ReAuth_BadPwd:15->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ReAuth_BadPwd:188 Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9) AuthenticationElytronTestCase.testAuthentication_TwoBeans_ReAuth__BadPwd_ViaServlet:15->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ReAuth__BadPwd_ViaServlet:262 null AuthenticationElytronTestCase.testICIRSingle:15->AbstractAuthenticationTestCase.testICIRSingle:275 null AuthenticationElytronTestCase.testICIR_TwoBeans:15->AbstractAuthenticationTestCase.testICIR_TwoBeans:290 null AuthenticationElytronTestCase.testICIR_TwoBeans_ReAuth:15->AbstractAuthenticationTestCase.testICIR_TwoBeans_ReAuth:312 null AuthenticationTestCase.testAuthentication_TwoBeans_ReAuth__BadPwd_ViaServlet:11->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ReAuth__BadPwd_ViaServlet:262 null Tests in error: AuthenticationElytronTestCase.testAuthentication_ReAuth_ViaServlet:15->AbstractAuthenticationTestCase.testAuthentication_ReAuth_ViaServlet:240->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testAuthentication_TwoBeans_ReAuth_ViaServlet:15->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ReAuth_ViaServlet:252->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testAuthentication_TwoBeans_ViaServlet:15->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ViaServlet:246->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testAuthentication_ViaServlet:15->AbstractAuthenticationTestCase.testAuthentication_ViaServlet:234->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testICIR_ReAuth_ViaServlet:15->AbstractAuthenticationTestCase.testICIR_ReAuth_ViaServlet:417->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testICIR_TwoBeans_ReAuth_ViaServlet:15->AbstractAuthenticationTestCase.testICIR_TwoBeans_ReAuth_ViaServlet:437->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testICIR_TwoBeans_ViaServlet:15->AbstractAuthenticationTestCase.testICIR_TwoBeans_ViaServlet:427->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationElytronTestCase.testICIR_ViaServlet:15->AbstractAuthenticationTestCase.testICIR_ViaServlet:407->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testAuthentication_ReAuth_ViaServlet:11->AbstractAuthenticationTestCase.testAuthentication_ReAuth_ViaServlet:240->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testAuthentication_TwoBeans_ReAuth_ViaServlet:11->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ReAuth_ViaServlet:252->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testAuthentication_TwoBeans_ViaServlet:11->AbstractAuthenticationTestCase.testAuthentication_TwoBeans_ViaServlet:246->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testAuthentication_ViaServlet:11->AbstractAuthenticationTestCase.testAuthentication_ViaServlet:234->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testICIR_ReAuth_ViaServlet:11->AbstractAuthenticationTestCase.testICIR_ReAuth_ViaServlet:417->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testICIR_TwoBeans_ReAuth_ViaServlet:11->AbstractAuthenticationTestCase.testICIR_TwoBeans_ReAuth_ViaServlet:437->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testICIR_TwoBeans_ViaServlet:11->AbstractAuthenticationTestCase.testICIR_TwoBeans_ViaServlet:427->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO AuthenticationTestCase.testICIR_ViaServlet:11->AbstractAuthenticationTestCase.testICIR_ViaServlet:407->AbstractAuthenticationTestCase.getWhoAmI:359->AbstractAuthenticationTestCase.get:377->AbstractAuthenticationTestCase.execute:393 » IO Tests run: 38, Failures: 11, Errors: 16, Skipped: 0 {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8238) Unable to undefine credential-reference

by Tomas Hofman (JIRA)

[ https://issues.jboss.org/browse/WFLY-8238?page=com.atlassian.jira.plugin.... ] Tomas Hofman commented on WFLY-8238: ------------------------------------ [~mchoma] sure I can. > Unable to undefine credential-reference > --------------------------------------- > > Key: WFLY-8238 > URL: https://issues.jboss.org/browse/WFLY-8238 > Project: WildFly > Issue Type: Bug > Components: JMS, Security > Reporter: Claudio Miranda > Assignee: Tomas Hofman > > A bridge is added and a credential-reference is set. > However a "password" attribute cannot be set as the alternatives constraint validates the data, but the password attribute has a default value. > Also neither credential-reference and password are required=true, so they may be undefined. > {code} > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ) > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:write-attribute(name=credential-reference,value={clear-text=senha1}) > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=credential-reference) > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (credential-reference) can not been undefined as the resource does not define any alternative to this attribute."}, > "rolled-back" => true > } > {code} > The same problem, when user adds a bridge with a password and later wants to undefine it to add a credential-reference > {code} > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ,password=senha1) > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=password) > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (password) can not been undefined as the resource does not define any alternative to this attribute."}, > "rolled-back" => true > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8254) Changing sasl-authentication-factory in management interface ends in reload-required state

by Martin Choma (JIRA)

Martin Choma created WFLY-8254: ---------------------------------- Summary: Changing sasl-authentication-factory in management interface ends in reload-required state Key: WFLY-8254 URL: https://issues.jboss.org/browse/WFLY-8254 Project: WildFly Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Attribute sasl-authentication-factory is described as follows {code} "sasl-authentication-factory" => { "type" => STRING, "description" => "The server side SASL authentication policy to use to secure the interface where the connection is after a HTTP upgrade.", "expressions-allowed" => false, "required" => false, "nillable" => true, "capability-reference" => "org.wildfly.security.sasl-authentication-factory", "min-length" => 1L, "max-length" => 2147483647L } {code} Documenation [1] says: no-services – Applying the operation to the runtime does not require the restart of any services. This value is the default if the restart-required descriptor is not present. But when I try to change it I get: {code} [standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=application-sasl-authentication) { "outcome" => "success", "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } } {code} Probably some proper value for "restart-required" should be used. "restart-required" => "all-services" ? [1] https://docs.jboss.org/author/display/WFLY/Description+of+the+Management+... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8252) HttpServletRequest.logout() doesn't work with Elytron

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-8252?page=com.atlassian.jira.plugin.... ] Stuart Douglas commented on WFLY-8252: -------------------------------------- https://github.com/wildfly-security/elytron-web/pull/78 https://github.com/wildfly-security/wildfly-elytron/pull/696 > HttpServletRequest.logout() doesn't work with Elytron > ----------------------------------------------------- > > Key: WFLY-8252 > URL: https://issues.jboss.org/browse/WFLY-8252 > Project: WildFly > Issue Type: Bug > Components: Security, Web (Undertow) > Reporter: Josef Cacek > Assignee: Stuart Douglas > Priority: Blocker > > Calling {{HttpServletRequest.logout()}} leaves user logged in if Elytron security is used. > This means security flaw, therefor setting priority to blocker. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (JBJCA-1330) XA Stats not updated when the provided XAResource already implements XAResourceWrapper

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/JBJCA-1330?page=com.atlassian.jira.plugin... ] Kabir Khan commented on JBJCA-1330: ----------------------------------- [~rsvoboda] This was reported on the Alpha readiness spreadsheet, but appears to already have been fixed in DR11 CC [~jmesnil] > XA Stats not updated when the provided XAResource already implements XAResourceWrapper > --------------------------------------------------------------------------------------- > > Key: JBJCA-1330 > URL: https://issues.jboss.org/browse/JBJCA-1330 > Project: IronJacamar > Issue Type: Bug > Affects Versions: WildFly/IronJacamar 1.3.4.Final > Reporter: Jeff Mesnil > Assignee: Stefano Maestri > Fix For: WildFly/IronJacamar 1.4.1.Final > > > Use case: provide XA statistics to WildFly's messaging-activemq pooled-connection-factory leveraging org.jboss.as.connector.dynamicresource.StatisticsResourceDefinition. > I have a dev branch[1] for this and pool statistics (from org.jboss.jca.core.api.connectionmanager.pool.PoolStatistics) are updated as expected. > However xa stats (from org.jboss.jca.core.spi.transaction.XAResourceStatistics) are not updated. > The pooled-connection-factory uses a XAPool and its XAResource implementation extends org.jboss.jca.core.spi.transaction.xa.XAResourceWrapper[2]. > Doing some debugging, the code at [3] does not look correct. The provided xar extends XAResourceWrapper, so txIntegration.createXAResourceWrapper() is not called and the xar is not wrapped by a XAResourceWrapperStatImpl that is the code responsible to update XA stats. > [1] https://github.com/jmesnil/wildfly/tree/WFLY-3636_pooled-connection-facto... > [2] https://github.com/rh-messaging/artemis-wildfly-integration/blob/master/s... > [3] https://github.com/ironjacamar/ironjacamar/blob/1.3/core/src/main/java/or... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8253) Premature validation in Naming subsystem

by Eduardo Martins (JIRA)

[ https://issues.jboss.org/browse/WFLY-8253?page=com.atlassian.jira.plugin.... ] Eduardo Martins reopened WFLY-8253: ----------------------------------- > Premature validation in Naming subsystem > ---------------------------------------- > > Key: WFLY-8253 > URL: https://issues.jboss.org/browse/WFLY-8253 > Project: WildFly > Issue Type: Bug > Components: Naming > Reporter: Eduardo Martins > Assignee: Eduardo Martins > > If composite operation is performed on naming subsystem and member operation are in wrong order the composite operation is not performed and all changes are rolled back. See https://issues.jboss.org/browse/JBEAP-6418?focusedCommentId=13314862&page... > and https://issues.jboss.org/browse/JBEAP-6418?focusedCommentId=13314879&page... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8253) Premature validation in Naming subsystem

by Eduardo Martins (JIRA)

[ https://issues.jboss.org/browse/WFLY-8253?page=com.atlassian.jira.plugin.... ] Eduardo Martins moved JBEAP-9166 to WFLY-8253: ---------------------------------------------- Project: WildFly (was: JBoss Enterprise Application Platform) Key: WFLY-8253 (was: JBEAP-9166) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Naming (was: Naming) Affects Version/s: (was: 7.1.0.DR8) > Premature validation in Naming subsystem > ---------------------------------------- > > Key: WFLY-8253 > URL: https://issues.jboss.org/browse/WFLY-8253 > Project: WildFly > Issue Type: Bug > Components: Naming > Reporter: Eduardo Martins > Assignee: Eduardo Martins > > If composite operation is performed on naming subsystem and member operation are in wrong order the composite operation is not performed and all changes are rolled back. See https://issues.jboss.org/browse/JBEAP-6418?focusedCommentId=13314862&page... > and https://issues.jboss.org/browse/JBEAP-6418?focusedCommentId=13314879&page... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8202) CS tool, format Missing required option

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/WFLY-8202?page=com.atlassian.jira.plugin.... ] Ilia Vassilev reassigned WFLY-8202: ----------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > CS tool, format Missing required option > --------------------------------------- > > Key: WFLY-8202 > URL: https://issues.jboss.org/browse/WFLY-8202 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > Labels: credential-store, user_experience, wildfly-elytron-tool > > There is validation on required option. > {code} > [mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store > Missing required option: [-a Add new alias to the credential store, -r Remove alias from the credential store, -e Check if alias exists within the credential store, -v Display all aliases, -h Get help with usage of this command][mchoma@localhost bin]$ > {code} > However it is one line message. I would prefer mulitline message for readability as > {code} > [mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store > Missing one of required options: > -a Add new alias to the credential store, > -r Remove alias from the credential store, > -e Check if alias exists within the credential store, > -v Display all aliases, > -h Get help with usage of this command > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1964) Internal ModelControllerClient should bypass access control by default

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1964?page=com.atlassian.jira.plugi... ] Brian Stansberry resolved WFCORE-1964. -------------------------------------- Assignee: Brian Stansberry (was: Darran Lofthouse) Resolution: Done If https://github.com/wildfly/wildfly-core/pull/2205/commits/0ed7c89904db057... isn't what you had in mind here, please re-open. > Internal ModelControllerClient should bypass access control by default > ---------------------------------------------------------------------- > > Key: WFCORE-1964 > URL: https://issues.jboss.org/browse/WFCORE-1964 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Brian Stansberry > Priority: Blocker > Fix For: 3.0.0.Beta6 > > > This is continuing compatibility where in-vm clients can perform actions without triggering management access control. > It would be nice also if we could find a way to make it possible to selectively disable this for cases where we want identity propagation between applications and the management tier. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1507) Expose the ModelController via a capability

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1507?page=com.atlassian.jira.plugi... ] Brian Stansberry commented on WFCORE-1507: ------------------------------------------ This is partially complete via https://github.com/wildfly/wildfly-core/pull/2205. I'm not resolving it yet as I also want to break out the getNotificationRegistry() method, as that's valid for use by extensions while the rest of ModelController is not. > Expose the ModelController via a capability > ------------------------------------------- > > Key: WFCORE-1507 > URL: https://issues.jboss.org/browse/WFCORE-1507 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management > Reporter: Brian Stansberry > Assignee: Brian Stansberry > > A server installs ServerService while an HC installs DomainModelControllerService, under different service names but both of which implement Service<ModelController>. To make it easier for subsystems that want ModelController access to work on both a server and an HC, we should create a capability with service type ModelController and have both processes use it. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017