[JBoss JIRA] (AS7-6203) WebSSLDefinition NAME attribute is read-write
by Brian Stansberry (JIRA)
Brian Stansberry created AS7-6203:
-------------------------------------
Summary: WebSSLDefinition NAME attribute is read-write
Key: AS7-6203
URL: https://issues.jboss.org/browse/AS7-6203
Project: Application Server 7
Issue Type: Bug
Components: Domain Management, Web
Affects Versions: 7.1.3.Final (EAP)
Reporter: Brian Stansberry
Priority: Minor
Fix For: 7.3.0.Alpha1
WebSSLDefinition has a read-write attribute NAME that AFAICT merely stores the name of an xml element. If the attribute represents part of a resource address it should be read-only. If it's just some cruft (which appears to be the case), it should be deprecated and removed in some later release.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 6 months
[JBoss JIRA] (AS7-6186) Mojarra 2.1.16 upgrade breaks Seam2.3.0 conversations
by Marek Schmidt (JIRA)
[ https://issues.jboss.org/browse/AS7-6186?page=com.atlassian.jira.plugin.s... ]
Marek Schmidt updated AS7-6186:
-------------------------------
Attachment: AS7-6186-viewMap.tar
reproducer source
> Mojarra 2.1.16 upgrade breaks Seam2.3.0 conversations
> -----------------------------------------------------
>
> Key: AS7-6186
> URL: https://issues.jboss.org/browse/AS7-6186
> Project: Application Server 7
> Issue Type: Bug
> Components: JSF
> Affects Versions: 7.1.4.Final (EAP)
> Environment: Current 7.1.4.Final-SNAPSHOT (2012-12-15), Mojarra 2.1.16, Seam2.3.0.Final
> Reporter: Marek Schmidt
> Assignee: Stan Silvert
> Priority: Critical
> Attachments: AS7-6186-viewMap.tar, AS7-6186-viewMap.war, seam-booking.ear
>
>
> Recent Mojarra upgrade seems to break Seam 2.3.0 conversations.
> Not exactly sure yet what has changed and whether it is a Mojarra bug or Seam depending on something it shouldn't.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 6 months
[JBoss JIRA] (SECURITY-711) LdapExtAdLoginModule proposal for inclusion
by Anil Saldhana (JIRA)
[ https://issues.jboss.org/browse/SECURITY-711?page=com.atlassian.jira.plug... ]
Anil Saldhana commented on SECURITY-711:
----------------------------------------
Peter - I am unsure if you have been following on the latest security work we are doing for PicketLink v3. There is a lot of LDAP related stuff ongoing.
http://lists.jboss.org/pipermail/security-dev/
To subscribe: https://lists.jboss.org/mailman/listinfo/security-dev
We hope you can become a valuable contributor. :)
Regarding this JIRA issue, I am going to sit on it until we get AD testing in place.
> LdapExtAdLoginModule proposal for inclusion
> -------------------------------------------
>
> Key: SECURITY-711
> URL: https://issues.jboss.org/browse/SECURITY-711
> Project: PicketBox
> Issue Type: Patch
> Security Level: Public(Everyone can see)
> Components: PicketBox, Security SPI
> Affects Versions: PicketBox_4_0_14.Final
> Environment: jboss7, active directory authentication
> Reporter: Péter Radics
> Assignee: Anil Saldhana
> Priority: Minor
> Labels: LdapExtLoginModule, active-directory, security
> Attachments: picketbox-r359-LdapExtLoginModule.patch, picketbox-r362-LdapExtAdLoginModule.patch, picketbox-r363-LdapExtAdLoginModule-with-history.patch
>
> Original Estimate: 1 week
> Remaining Estimate: 1 week
>
> Please consider including the attached LdapExtAdLoginModule into the official release. This login module is based on r362 of LdapExtLoginModule, but it's better suited for deeply nested Active Directory domains: it only uses one search for the userDN then it's resolving the roles recursively by querying attributes on DNs only. (as a side-effect, it doesn't trigger AS7-5737)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 6 months
[JBoss JIRA] (AS7-5269) HornetQ interceptors are not supported
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/AS7-5269?page=com.atlassian.jira.plugin.s... ]
Brian Stansberry commented on AS7-5269:
---------------------------------------
The configuration for these should support a module attribute so they can be loaded without requiring a modification to the HQ subsystem module's module.xml.
> HornetQ interceptors are not supported
> --------------------------------------
>
> Key: AS7-5269
> URL: https://issues.jboss.org/browse/AS7-5269
> Project: Application Server 7
> Issue Type: Bug
> Components: JMS
> Affects Versions: 7.1.2.Final (EAP)
> Reporter: Jeff Mesnil
> Assignee: Jeff Mesnil
> Fix For: 7.1.3.Final (EAP), 7.2.0.Alpha1
>
>
> HornetQ interceptors are not supported by the messaging subsystem.
> Their attributes are handled by the XML parser but they are not set when adding the HornetQ server instance.
> Moreover, passing the interceptor class name is not enough. Since they are loaded by HornetQ, its classloader must be able to access them. The interceptors must be put in a JBoss module that is declared as a transitive dependency of org.hornetq module.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 6 months
[JBoss JIRA] (SECURITY-703) Picketbox logs an ERROR on each failed login
by Stefan Guilhen (JIRA)
[ https://issues.jboss.org/browse/SECURITY-703?page=com.atlassian.jira.plug... ]
Stefan Guilhen closed SECURITY-703.
-----------------------------------
Fix Version/s: PIcketBox_4_0_15.Final
Resolution: Done
I've changed the log level of failed login attempts to DEBUG to avoid polluting the AS logs with error messages. Users can still investigate failed logins by adding a org.jboss.security category with level = DEBUG.
> Picketbox logs an ERROR on each failed login
> --------------------------------------------
>
> Key: SECURITY-703
> URL: https://issues.jboss.org/browse/SECURITY-703
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Thomas Heute
> Assignee: Stefan Guilhen
> Priority: Critical
> Fix For: PIcketBox_4_0_15.Final
>
>
> Picketbox logs an ERROR with a stacktrace on each failed login:
> See:
> catch (LoginException e)
> {
> // Don't log anonymous user failures unless trace level logging is on
> if (principal != null && principal.getName() != null)
> PicketBoxLogger.LOGGER.errorDuringLogin(e);
> authException = e;
> }
> 09:57:30,100 ERROR [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000206: Login failure: javax.security.auth.login.LoginException: Login failed for
> at org.exoplatform.services.security.jaas.DefaultLoginModule.login(DefaultLoginModule.java:136) [exo.core.component.security.core-2.5.0-CR1.jar:2.5.0-CR1]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_25]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_25]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_25]
> at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_25]
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_25]
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_25]
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_25]
> at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_25]
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_25]
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_25]
> at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.13.Final-redhat-1.jar:4.0.13.Final-redhat-1]
> in http://anonsvn.jboss.org/repos/picketbox/tags/4.0.14.Final/picketbox-infi...
> Failed login are expected from users and shouldn't be logged. This will seriously pollute EPP 6 logs.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 6 months
[JBoss JIRA] (SECURITY-665) Incorrect warning about invalid option passwordIsA1Hash in login modules
by Stefan Guilhen (JIRA)
[ https://issues.jboss.org/browse/SECURITY-665?page=com.atlassian.jira.plug... ]
Stefan Guilhen closed SECURITY-665.
-----------------------------------
Fix Version/s: PIcketBox_4_0_15.Final
Resolution: Done
The passwordIsA1Hash option has been added to the set of valid options in UsernamePasswordLoginModule.
> Incorrect warning about invalid option passwordIsA1Hash in login modules
> ------------------------------------------------------------------------
>
> Key: SECURITY-665
> URL: https://issues.jboss.org/browse/SECURITY-665
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: PicketBox_v4_0_9.Final
> Reporter: Martin Gencur
> Assignee: Stefan Guilhen
> Fix For: PIcketBox_4_0_15.Final
>
>
> As I described in in my last post in https://community.jboss.org/message/744521#744521, I had a problem with DIGEST authentication and passwordIsA1Hash option configured in JBossAS 7.
> IMO one of the following classes should enlist passwordIsA1Hash option among their valid options: AbstractServerLoginModule, UsernamePasswordLoginModule, UsersRolesLoginModule. Now it's missing and login modules scream that the option is invalid (in my case UsersRolesLoginModule).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 6 months