[JBoss JIRA] (WFCORE-4142) [GSS](7.1.z) Elytron does not do RunAs identity remote propagation
by Teresa Miyar (JIRA)
[ https://issues.jboss.org/browse/WFCORE-4142?page=com.atlassian.jira.plugi... ]
Teresa Miyar moved JBEAP-15553 to WFCORE-4142:
----------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-4142 (was: JBEAP-15553)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security (was: Security)
> [GSS](7.1.z) Elytron does not do RunAs identity remote propagation
> ------------------------------------------------------------------
>
> Key: WFCORE-4142
> URL: https://issues.jboss.org/browse/WFCORE-4142
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Teresa Miyar
> Assignee: Teresa Miyar
>
> Elytron does not do RunAs identity remote propagation
> -> EJB with @RunAs("ejbuser") -> remote EJB, where Elytron security forwarding is configured, @RunAs is not working. It caused an authentication error when trying to call the 2nd server when @RunAs is added.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (WFCORE-4142) Elytron does not do RunAs identity remote propagation
by Teresa Miyar (JIRA)
[ https://issues.jboss.org/browse/WFCORE-4142?page=com.atlassian.jira.plugi... ]
Teresa Miyar updated WFCORE-4142:
---------------------------------
Summary: Elytron does not do RunAs identity remote propagation (was: [GSS](7.1.z) Elytron does not do RunAs identity remote propagation)
> Elytron does not do RunAs identity remote propagation
> -----------------------------------------------------
>
> Key: WFCORE-4142
> URL: https://issues.jboss.org/browse/WFCORE-4142
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Teresa Miyar
> Assignee: Teresa Miyar
>
> Elytron does not do RunAs identity remote propagation
> -> EJB with @RunAs("ejbuser") -> remote EJB, where Elytron security forwarding is configured, @RunAs is not working. It caused an authentication error when trying to call the 2nd server when @RunAs is added.
--
[JBoss JIRA] (WFLY-10912) CodecSessionConfig#findSessionId() causes an incorrect JSESSIONID Set-Cookie header
by Masafumi Miura (JIRA)
[ https://issues.jboss.org/browse/WFLY-10912?page=com.atlassian.jira.plugin... ]
Masafumi Miura commented on WFLY-10912:
---------------------------------------
[~pferraro], I understand the responsibility of the CodecSessionConfig, but WildFly should not respond back with a JSESSIONID Cookie that is not a valid session id.
> CodecSessionConfig#findSessionId() causes an incorrect JSESSIONID Set-Cookie header
> -----------------------------------------------------------------------------------
>
> Key: WFLY-10912
> URL: https://issues.jboss.org/browse/WFLY-10912
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 13.0.0.Final, 14.0.0.Beta2
> Reporter: Masafumi Miura
> Assignee: Paul Ferraro
>
> This issue is very similar to WFLY-10262/JBEAP-14641 but the condition causing the problem is a bit different.
> The issue happens when the client sends a JSESSIONID Cookie in the request to a web application that does NOT use HttpSession. A JSESSIONID Set-Cookie response header should not be sent in this scenario, but WildFly/EAP 7 returns the response with JSESSIONID reusing the requested session id, which does not exist in the session manager.
> The fix for WFLY-10262 / JBEAP-14641 added AttachmentKey SESSION_ID_SET to avoid invoking CodecSessionConfig#setSessionId() more than once. However, the fix does not help for this issue because CodecSessionConfig#setSessionId() is not invoked (= SESSION_ID_SET is null) before the problematic CodecSessionConfig#findSessionId() processing in this scenario.
--
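A black-box regression check for the behaviour reported in WFLY-10912, added here as an example; it is not code from WildFly or from the issue. The probe id, the function names and the local stub server are constructed for illustration, and the ".route" suffix handling is an assumption about how a clustered node may re-encode the id it echoes.

```python
import http.client
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_ID = "constructed-probe-id-0001"  # constructed; no server ever issued it

def reflects_probe(set_cookie_values, probe_id=PROBE_ID):
    """True if any Set-Cookie value carries a JSESSIONID derived from probe_id."""
    for raw in set_cookie_values:
        morsel = SimpleCookie(raw).get("JSESSIONID")
        # Assumption: a clustered node may append ".route" to the id it echoes.
        if morsel and (morsel.value == probe_id or morsel.value.startswith(probe_id + ".")):
            return True
    return False

def probe(host, port, path="/", probe_id=PROBE_ID):
    """Send the unknown id to a session-less URL and inspect the response."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Cookie": f"JSESSIONID={probe_id}"})
        resp = conn.getresponse()
        return reflects_probe(resp.headers.get_all("Set-Cookie") or [], probe_id)
    finally:
        conn.close()

def make_stub(echo_unknown_id):
    """Local stand-in for an app that never touches HttpSession (hypothetical)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            sent = SimpleCookie(self.headers.get("Cookie", "")).get("JSESSIONID")
            self.send_response(200)
            if echo_unknown_id and sent:
                # Reported behaviour: the requested id is reused in Set-Cookie.
                self.send_header("Set-Cookie", f"JSESSIONID={sent.value}; path=/")
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass  # silence per-request logging
    return HTTPServer(("127.0.0.1", 0), Handler)

def run_against_stub(echo_unknown_id):
    server = make_stub(echo_unknown_id)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `probe()` at a deployment's session-less endpoint gives a pass/fail signal for this issue: `True` means the server returned the client-supplied id in Set-Cookie.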