[JBoss JIRA] (JGRP-1487) X509Token Authentication vulnerable to replay attacks
by sreenivas chinimilli (JIRA)
sreenivas chinimilli created JGRP-1487:
------------------------------------------
Summary: X509Token Authentication vulnerable to replay attacks
Key: JGRP-1487
URL: https://issues.jboss.org/browse/JGRP-1487
Project: JGroups
Issue Type: Bug
Affects Versions: 3.0.9
Reporter: sreenivas chinimilli
Assignee: Bela Ban
In the implementation of X509Token Authentication
The auth_value is enrypted with the certificate within the keystore and
during verification encrypted auth value is decrypted with the private key
compared against the orignial auth value.
This implementation is prone to replay attacks, that is
any user with out having any knowledge of the auth value can join the group
by replaying the enrypted auth value captured in earlier sessions.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 8 months
[JBoss JIRA] Created: (JBBUILD-670) Migrate existing Nexus Audit information to standard XML format
by Paul Gier (JIRA)
Migrate existing Nexus Audit information to standard XML format
---------------------------------------------------------------
Key: JBBUILD-670
URL: https://issues.jboss.org/browse/JBBUILD-670
Project: JBoss Build System
Issue Type: Task
Reporter: Paul Gier
Assignee: John Casey
Fix For: Build Support 2011
We currently have audit information (username, timestamp) stored in .json files in the repository. Nexus uses an XML format to store this information, and recent versions of Nexus allow easy way to view this information in the Nexus UI. The existing audit information should be migrated to the standard Nexus XML format.
These XML files are located in the directory "sonatype-work/nexus/proxy/attributes". For each file in each Maven repository hosted by Nexus, there is a file with the same name in this attributes directory. For example, "sonatype-work/nexus/proxy/attributes/jboss-releases/org/jboss/javaee/jboss-servlet-api/2.5.0.GA/jboss-servlet-api-2.5.0.GA.jar" is actually an XML file containing the attributes for the named jar file.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 8 months
[JBoss JIRA] Created: (JBBUILD-523) Issues with custom packaging in maven
by Paul Gier (JIRA)
Issues with custom packaging in maven
-------------------------------------
Key: JBBUILD-523
URL: https://jira.jboss.org/jira/browse/JBBUILD-523
Project: JBoss Build System
Issue Type: Task
Components: Maven
Reporter: Paul Gier
Fix For: Maven Build - Maint 2009
Steve ran into some issues when using custom packaging for the jdocbook plugin.
- Transitive dependency resolution does not work
- Two dependencies with the same packaging but different artifact handlers cannot both be resolved, because no info about the handler is encoded into the repo
- The plugin containing the custom packaging needs to programmatically register the artifact handler in addition to specifiying it in the components.xml
this has to be done by:
(1) retrieve the handler using @parameter expression="${component.org.apache.maven.artifact.handler.ArtifactHandler#jdocbook-style}"
(2) manually register it using project.getArtifact().setArtifactHandler( artifactHandler );
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 8 months
[JBoss JIRA] (AS7-3585) Allign deployment phases with OSGi terminology
by Thomas Diesler (JIRA)
Thomas Diesler created AS7-3585:
-----------------------------------
Summary: Allign deployment phases with OSGi terminology
Key: AS7-3585
URL: https://issues.jboss.org/browse/AS7-3585
Project: Application Server 7
Issue Type: Task
Components: OSGi, Server
Reporter: Thomas Diesler
Assignee: Thomas Diesler
Fix For: 7.2.0.Alpha1
In OSGi we have
* INSTALLED
* RESOLVED
* ACTIVE
* UNINSTALLED
It'd be useful to talk about modules and osgi bundles in the same jagon - i.e
If a deployment is INSTALLED it has valid metadata
If a deployment is RESOLVED it has Module/ClassLoader associated
If a deployment is ACTIVE it can perform its normal operation
If a deployment is UNINSTALLED it can be removed from the system
The task here is mainly to rename/revisit the deployment phases
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 8 months
[JBoss JIRA] Created: (AS7-1326) Cannot redeploy OSGi bundle that is wired to webapp
by Thomas Diesler (JIRA)
Cannot redeploy OSGi bundle that is wired to webapp
---------------------------------------------------
Key: AS7-1326
URL: https://issues.jboss.org/browse/AS7-1326
Project: Application Server 7
Issue Type: Bug
Affects Versions: 7.0.0.Final
Reporter: Thomas Diesler
Assignee: Thomas Diesler
{code}
09:12:12,719 ERROR [org.jboss.msc.service] (MSC service thread 1-1) MSC00002: Invocation of listener "org.jboss.as.osgi.deployment.BundleStartTracker$1@2789a406" failed: org.jboss.msc.service.DuplicateServiceException: Service jboss.module.spec.service."deployment.jboss-osgi-example-jbossas-bundle"."0.0.0" is already registered
at org.jboss.msc.service.ServiceRegistrationImpl.setInstance(ServiceRegistrationImpl.java:154)
at org.jboss.msc.service.ServiceControllerImpl.startInstallation(ServiceControllerImpl.java:226)
at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:560)
at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:201)
at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2194)
at org.jboss.msc.service.ServiceBuilderImpl.install(ServiceBuilderImpl.java:307)
at org.jboss.as.osgi.service.ModuleLoaderIntegration.addModule(ModuleLoaderIntegration.java:122)
at org.jboss.osgi.framework.internal.ModuleManagerPlugin.createHostModule(ModuleManagerPlugin.java:340)
at org.jboss.osgi.framework.internal.ModuleManagerPlugin.addModule(ModuleManagerPlugin.java:225)
at org.jboss.osgi.framework.internal.ResolverPlugin.addModules(ResolverPlugin.java:248)
at org.jboss.osgi.framework.internal.ResolverPlugin.applyResolverResults(ResolverPlugin.java:226)
at org.jboss.osgi.framework.internal.ResolverPlugin.resolve(ResolverPlugin.java:161)
at org.jboss.osgi.framework.internal.AbstractBundleState.ensureResolved(AbstractBundleState.java:551)
at org.jboss.osgi.framework.internal.HostBundleState.startInternal(HostBundleState.java:210)
at org.jboss.osgi.framework.internal.AbstractBundleState.start(AbstractBundleState.java:494)
at org.jboss.as.osgi.deployment.BundleStartTracker$1.processService(BundleStartTracker.java:146)
at org.jboss.as.osgi.deployment.BundleStartTracker$1.transition(BundleStartTracker.java:121)
{code}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 8 months
[JBoss JIRA] (AS7-4243) Required changes to deployment layer
by Thomas Diesler (JIRA)
Thomas Diesler created AS7-4243:
-----------------------------------
Summary: Required changes to deployment layer
Key: AS7-4243
URL: https://issues.jboss.org/browse/AS7-4243
Project: Application Server 7
Issue Type: Task
Components: OSGi, Server
Reporter: Thomas Diesler
Assignee: Thomas Diesler
Fix For: 7.2.0.Alpha1
This is the umbrella task for the following
#1 Allign deployment phases with bundle lifecyle. It should be possible for DUPs to operate of resolved bundles that have an associated Module
#2 Add start/stop lifecycle for deployments. Bundles as well as JSR88 deployments have the notion of start/stop
#3 Allow DUPs to operate on a set of deployments. It should be possible to deploy a set of bundles in arbitrary order. When all deployments in the set are installed - they can be resolved/started.
#4 Allow the management client to associate metadata with a deployment that can be seen by the DUPs. This is needed to be able to specify autostart behavior and a potential start level.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 8 months