April 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2420) JMS client dependencies doesn't contain a default wildfly-config.xml

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2420?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2420. ------------------------------ > JMS client dependencies doesn't contain a default wildfly-config.xml > -------------------------------------------------------------------- > > Key: WFCORE-2420 > URL: https://issues.jboss.org/browse/WFCORE-2420 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Jeff Mesnil > Priority: Critical > > Using the {{wildfly-jms-client-bom}} dependency for JMS clients doesn't introduce a default {{wildfly-config.xml}} with Elytron client configuration. As the result, clients are not able to authenticate (e.g. using JBOSS-LOCAL-USER SASL mechanism). > The default configuration in {{wildfly-config.xml}} should allow similar behavior as with legacy security. So the following call should pass: > {code} > ConnectionFactory connectionFactory = (ConnectionFactory) namingContext.lookup("jms/RemoteConnectionFactory"); > {code} > Currently the call throws exception: > {code} > SEVERE: Naming problem occured > javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server are supported] > at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110) > at org.wildfly.naming.client.remote.RemoteContext.lookupNative(RemoteContext.java:91) > at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:78) > at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:64) > at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:123) > at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:113) > at javax.naming.InitialContext.lookup(InitialContext.java:417) > at org.wildfly.security.elytron.demo.JmsClient.main(JmsClient.java:45) > Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server are supported > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:412) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:239) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) > at ...asynchronous invocation...(Unknown Source) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466) > at org.jboss.remoting3.FutureConnection.connect(FutureConnection.java:113) > at org.jboss.remoting3.FutureConnection.init(FutureConnection.java:75) > at org.jboss.remoting3.FutureConnection.get(FutureConnection.java:151) > at org.jboss.remoting3.EndpointImpl.getConnection(EndpointImpl.java:422) > at org.jboss.remoting3.UncloseableEndpoint.getConnection(UncloseableEndpoint.java:57) > at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:105) > at org.wildfly.naming.client.remote.RemoteNamingProvider.lambda$new$0(RemoteNamingProvider.java:68) > at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentity(RemoteNamingProvider.java:126) > at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:108) > ... 7 more > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2412) Complex type key-store in Elytron subsystem

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2412?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2412. ------------------------------ > Complex type key-store in Elytron subsystem > ------------------------------------------- > > Key: WFCORE-2412 > URL: https://issues.jboss.org/browse/WFCORE-2412 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > Elytron subsystem uses complex type in key-store resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2419) Complex type simple-permission-mapper in Elytron subsystem

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2419?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2419. ------------------------------ > Complex type simple-permission-mapper in Elytron subsystem > ---------------------------------------------------------- > > Key: WFCORE-2419 > URL: https://issues.jboss.org/browse/WFCORE-2419 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > Elytron subsystem uses complex type in simple-permission-mapper resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2411) CS with {CMD} or {EXT} pass doesn't persist type=COMMAND to configuration -> after reload it doesn't work.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2411?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2411. ------------------------------ > CS with {CMD} or {EXT} pass doesn't persist type=COMMAND to configuration -> after reload it doesn't work. > ---------------------------------------------------------------------------------------------------------- > > Key: WFCORE-2411 > URL: https://issues.jboss.org/browse/WFCORE-2411 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Peter Skopek > Priority: Blocker > > This issue blocks verification of this RFE https://issues.jboss.org/browse/EAP7-533. > CS with {CMD} or {EXT} pass doesn't persist type=COMMAND to configuration -> after reload it doesn't work. > You can try it by this command (you must replace path to some real file. > /subsystem=elytron/credential-store=CredStoreCMD:add(uri="cr-store://test/cs444.jceks", credential-reference={type=COMMAND, clear-text="{CMD}/real/path/to/pass-ely.sh"}) > Once the command is successful executed: > # stop the server (not necessary) > # check standalone.xml > Given CredentialStore is persisted without attribute *type="COMMAND"* -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2400) Review provider-loader resource in Elytron subsystem

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2400?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2400. ------------------------------ > Review provider-loader resource in Elytron subsystem > ---------------------------------------------------- > > Key: WFCORE-2400 > URL: https://issues.jboss.org/browse/WFCORE-2400 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > See description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2396) credential-store and authentication-context in Elytron dir-context should be mutually exclusive

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2396?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2396. ------------------------------ > credential-store and authentication-context in Elytron dir-context should be mutually exclusive > ----------------------------------------------------------------------------------------------- > > Key: WFCORE-2396 > URL: https://issues.jboss.org/browse/WFCORE-2396 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta9 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Critical > > To avoid possibility when two different credentials are configured in Elytron dir-context, its attributes credential-store and authentication-context should be mutually exclusive. > This jira is based on discussion in JBEAP-8026. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2376) There isn't possibility disable create CS file from scratch

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2376?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2376. ------------------------------ > There isn't possibility disable create CS file from scratch > ----------------------------------------------------------- > > Key: WFCORE-2376 > URL: https://issues.jboss.org/browse/WFCORE-2376 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Peter Skopek > Priority: Blocker > > There isn't possibility to disable create CS file from scratch. > Earlier we were able to set create.storage to true/false. > I can see problem in this scenario: > * I want to create new CS with path to existing CS file > * I fill wrong path > * Everything pass > But I want to use my CS file, not to create new one. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2366) Complex type jdbc-realm in Elytron subsystem

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2366?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-2366. ------------------------------ > Complex type jdbc-realm in Elytron subsystem > -------------------------------------------- > > Key: WFCORE-2366 > URL: https://issues.jboss.org/browse/WFCORE-2366 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > Elytron subsystem uses complex type in jdbc-realm resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1675) Embedded server started non-modular use only first --jboss-home for FS paths

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1675?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-1675. ------------------------------ > Embedded server started non-modular use only first --jboss-home for FS paths > ---------------------------------------------------------------------------- > > Key: WFCORE-1675 > URL: https://issues.jboss.org/browse/WFCORE-1675 > Project: WildFly Core > Issue Type: Bug > Components: CLI, Domain Management > Reporter: Ken Wills > Assignee: Ken Wills > Priority: Blocker > > First --jboss-home value passed is always used to FS paths resolution. The issue affects embed-server started using jboss-cli-client.jar. > *reproduce* > start embed server using wf1, stop it, start another embed server using wf2 > {noformat} > /home/workspace3 > ├── wf1 > │ └── wildfly-10.0 > └── wf2 > └── wildfly-10.0 > $ pwd ; java -jar jboss-cli-client.jar > [disconnected /] embed-server --jboss-home=~/workspace3/wf1/wildfly-10.0 > [standalone@embedded /] stop-embedded-server > [disconnected /] embed-server --jboss-home=~/workspace3/wf2/wildfly-10.0 > {noformat} > *actual* > _wf1_ is used > {noformat} > ... > "name" => "jboss.server.config.dir", > "path" => "/home/workspace3/wf1/wildfly-10.0/standalone/configuration", > ... > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1282) Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1282?page=com.atlassian.jira.plugi... ] Kabir Khan closed WFCORE-1282. ------------------------------ > Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string > --------------------------------------------------------------------------------------- > > Key: WFCORE-1282 > URL: https://issues.jboss.org/browse/WFCORE-1282 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 1.0.2.Final > Environment: Oracle Java > Reporter: Martin Choma > Assignee: Romain Pelisse > Priority: Critical > Attachments: client_debug_eap6.log, client_debug_eap7.log, server-cert-key-ec.jks, server_debug_eap6.log, server_debug_eap7.log > > > User using these cipher suites / cipher name in EAP6 won't be able to use it in EAP7. > Setting as critical as these cipher suites, are considered for strong and widely used in my opinion. > In server log, error "no cipher suites in common" can be seen using -Djavax.net.debug=all. > Note, that analogous configuration in EAP6 works fine. > Issue can be seen on Oracle Java only, as on OpenJDK / IBM these suites are not provided by method getDefaultCipherSuites(). > Also is it possible to log "no cipher suites in common" and similar tls handshake errors without -Djavax.net.debug for better troubleshooting? -- This message was sent by Atlassian JIRA (v7.5.0#75005)

7 years, 6 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2018