July 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (SECURITY-973) Update License Information

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-973?page=com.atlassian.jira.plug... ] Darran Lofthouse resolved SECURITY-973. --------------------------------------- Resolution: Done > Update License Information > -------------------------- > > Key: SECURITY-973 > URL: https://issues.jboss.org/browse/SECURITY-973 > Project: PicketBox > Issue Type: Task > Components: Negotiation > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: Negotiation_3_0_5_CR1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-974) Update JBoss Negotiation SCM information

by Darran Lofthouse (JIRA)

Darran Lofthouse created SECURITY-974: ----------------------------------------- Summary: Update JBoss Negotiation SCM information Key: SECURITY-974 URL: https://issues.jboss.org/browse/SECURITY-974 Project: PicketBox Issue Type: Task Components: Negotiation Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_3_0_5_CR1 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (REMJMX-152) Ensure we have a LICENSE.txt in the root of the project and specified in the pom

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/REMJMX-152?page=com.atlassian.jira.plugin... ] Darran Lofthouse resolved REMJMX-152. ------------------------------------- Resolution: Done > Ensure we have a LICENSE.txt in the root of the project and specified in the pom > -------------------------------------------------------------------------------- > > Key: REMJMX-152 > URL: https://issues.jboss.org/browse/REMJMX-152 > Project: Remoting JMX > Issue Type: Task > Components: Build > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.CR2 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (REMJMX-152) Ensure we have a LICENSE.txt in the root of the project and specified in the pom

by Darran Lofthouse (JIRA)

Darran Lofthouse created REMJMX-152: --------------------------------------- Summary: Ensure we have a LICENSE.txt in the root of the project and specified in the pom Key: REMJMX-152 URL: https://issues.jboss.org/browse/REMJMX-152 Project: Remoting JMX Issue Type: Task Components: Build Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.CR2 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (REMJMX-151) Bring dependencies in-line with WildFly Core

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/REMJMX-151?page=com.atlassian.jira.plugin... ] Darran Lofthouse resolved REMJMX-151. ------------------------------------- Resolution: Done > Bring dependencies in-line with WildFly Core > -------------------------------------------- > > Key: REMJMX-151 > URL: https://issues.jboss.org/browse/REMJMX-151 > Project: Remoting JMX > Issue Type: Task > Components: Build > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.CR2 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3111) Legacy ldap realm, caching by access time doesn't "clear" timeout for already cached entry

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3111?page=com.atlassian.jira.plugi... ] RH Bugzilla Integration updated WFCORE-3111: -------------------------------------------- Bugzilla Update: Perform > Legacy ldap realm, caching by access time doesn't "clear" timeout for already cached entry > ------------------------------------------------------------------------------------------- > > Key: WFCORE-3111 > URL: https://issues.jboss.org/browse/WFCORE-3111 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta27 > Reporter: Jiri Ondrusek > Assignee: Jiri Ondrusek > Priority: Blocker > Fix For: 3.0.0.CR1 > > > If ldap cache by access time is used cached entry will be evicted by timeout even if it is accessed again within timeout interval. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (REMJMX-151) Bring dependencies in-line with WildFly Core

by Darran Lofthouse (JIRA)

Darran Lofthouse created REMJMX-151: --------------------------------------- Summary: Bring dependencies in-line with WildFly Core Key: REMJMX-151 URL: https://issues.jboss.org/browse/REMJMX-151 Project: Remoting JMX Issue Type: Task Components: Build Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.CR2 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3116) Elytron subsystem does not expose digest-sha-384 for digest password

by Yeray Borges (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3116?page=com.atlassian.jira.plugi... ] Yeray Borges updated WFCORE-3116: --------------------------------- Affects Version/s: 3.0.0.Beta28 > Elytron subsystem does not expose digest-sha-384 for digest password > -------------------------------------------------------------------- > > Key: WFCORE-3116 > URL: https://issues.jboss.org/browse/WFCORE-3116 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta28 > Reporter: Yeray Borges > Assignee: Yeray Borges > > For the sake of completeness add digest-sha-384 to allowed values of algorithm attribute of set-password operation > {code:title=/subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)} > "digest" => { > "type" => OBJECT, > "description" => "A digest password.", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "value-type" => { > "algorithm" => { > "type" => STRING, > "description" => "The algorithm used to encrypt the password.", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "default" => "digest-sha-512", > "allowed" => [ > "digest-md5", > "digest-sha", > "digest-sha-256", > "digest-sha-512" > ] > }, > "password" => { > "type" => STRING, > "description" => "The actual password to set.", > "expressions-allowed" => false, > "required" => true, > "nillable" => false, > "min-length" => 1L, > "max-length" => 2147483647L > }, > "realm" => { > "type" => STRING, > "description" => "The realm.", > "expressions-allowed" => false, > "required" => true, > "nillable" => false, > "min-length" => 1L, > "max-length" => 2147483647L > } > } > }, > {code} > Passwords of types otp, salted-simple-digest, simple-digest already expose sha-384 variant. > Seems to me underlying Elytron implementation is already prepared for that. > {code:java|title=DigestPasswordImpl.java} > private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException { > switch (algorithm) { > case ALGORITHM_DIGEST_MD5: > return MessageDigest.getInstance("MD5"); > case ALGORITHM_DIGEST_SHA: > return MessageDigest.getInstance("SHA-1"); > case ALGORITHM_DIGEST_SHA_256: > return MessageDigest.getInstance("SHA-256"); > case ALGORITHM_DIGEST_SHA_384: > return MessageDigest.getInstance("SHA-384"); > case ALGORITHM_DIGEST_SHA_512: > return MessageDigest.getInstance("SHA-512"); > default: > throw log.noSuchAlgorithmInvalidAlgorithm(algorithm); > } > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3116) Elytron subsystem does not expose digest-sha-384 for digest password

by Yeray Borges (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3116?page=com.atlassian.jira.plugi... ] Yeray Borges moved JBEAP-12383 to WFCORE-3116: ---------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-3116 (was: JBEAP-12383) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Security (was: Security) Affects Version/s: (was: 7.1.0.ER2) > Elytron subsystem does not expose digest-sha-384 for digest password > -------------------------------------------------------------------- > > Key: WFCORE-3116 > URL: https://issues.jboss.org/browse/WFCORE-3116 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Yeray Borges > Assignee: Yeray Borges > > For the sake of completeness add digest-sha-384 to allowed values of algorithm attribute of set-password operation > {code:title=/subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)} > "digest" => { > "type" => OBJECT, > "description" => "A digest password.", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "value-type" => { > "algorithm" => { > "type" => STRING, > "description" => "The algorithm used to encrypt the password.", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "default" => "digest-sha-512", > "allowed" => [ > "digest-md5", > "digest-sha", > "digest-sha-256", > "digest-sha-512" > ] > }, > "password" => { > "type" => STRING, > "description" => "The actual password to set.", > "expressions-allowed" => false, > "required" => true, > "nillable" => false, > "min-length" => 1L, > "max-length" => 2147483647L > }, > "realm" => { > "type" => STRING, > "description" => "The realm.", > "expressions-allowed" => false, > "required" => true, > "nillable" => false, > "min-length" => 1L, > "max-length" => 2147483647L > } > } > }, > {code} > Passwords of types otp, salted-simple-digest, simple-digest already expose sha-384 variant. > Seems to me underlying Elytron implementation is already prepared for that. > {code:java|title=DigestPasswordImpl.java} > private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException { > switch (algorithm) { > case ALGORITHM_DIGEST_MD5: > return MessageDigest.getInstance("MD5"); > case ALGORITHM_DIGEST_SHA: > return MessageDigest.getInstance("SHA-1"); > case ALGORITHM_DIGEST_SHA_256: > return MessageDigest.getInstance("SHA-256"); > case ALGORITHM_DIGEST_SHA_384: > return MessageDigest.getInstance("SHA-384"); > case ALGORITHM_DIGEST_SHA_512: > return MessageDigest.getInstance("SHA-512"); > default: > throw log.noSuchAlgorithmInvalidAlgorithm(algorithm); > } > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2402) Required attributes of elytron key-store creation add operation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2402?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2402. -------------------------------------- Resolution: Won't Fix > Required attributes of elytron key-store creation add operation > --------------------------------------------------------------- > > Key: WFCORE-2402 > URL: https://issues.jboss.org/browse/WFCORE-2402 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Martin Choma > Assignee: ehsavoie Hugonnet > Priority: Critical > Labels: user_experience > Fix For: 4.0.0.Alpha1 > > > Minimal CLI command to create key store is > {code} > /subsystem=elytron/key-store=server:add(type="JKS") > {code} > But it has these problems: > * Password attribute has to be required. I can't think of case when that could be ommited. > * Attribute {{type}} could be optional. If not set default value can be Keystore.getDefaultType(). As model cant't express this, it can be documented in description. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 3 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2017