July 2012 - jboss-jira - Jboss List Archives

[JBoss JIRA] (AS7-4680) Logout a remote client from server and clearing login module cache.

by Serkan Yıldırım (JIRA)

Serkan Yıldırım created AS7-4680: ------------------------------------ Summary: Logout a remote client from server and clearing login module cache. Key: AS7-4680 URL: https://issues.jboss.org/browse/AS7-4680 Project: Application Server 7 Issue Type: Feature Request Components: Remoting, Security, Server Affects Versions: 7.1.1.Final Environment: java 1.6 win 7 64 bit 4 gb ram Reporter: Serkan Yıldırım Assignee: David Lloyd Priority: Blocker I have a custom login module. I authenticate and authorize a user (creating roles) by using this custom module. When i close the remote application, i want to logout the user from server so that clear login module cache, i.e deleting principals and roles from the cache. I couldn't find a solution for this problem in forum. If it exists, could you please explain it, thanks. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

4
5
0 / 0

[JBoss JIRA] (AS7-4679) Catching custom login module exceptions in remote client

by Serkan Yıldırım (JIRA)

Serkan Yıldırım created AS7-4679: ------------------------------------ Summary: Catching custom login module exceptions in remote client Key: AS7-4679 URL: https://issues.jboss.org/browse/AS7-4679 Project: Application Server 7 Issue Type: Feature Request Components: Remoting, Security, Server Affects Versions: 7.1.1.Final Environment: Win 7 64 Bit 4 GB RAM java 1.6 Reporter: Serkan Yıldırım Assignee: David Lloyd Priority: Critical This feature request is related with the discussion: https://community.jboss.org/message/732948#732948 I have custom login modules in JBOSS 7.1.2 Snapshot. They are working with no error, i can authenticate and authorize a user. However, when an exception occurs at the time of login, i.e. wrong password, i throw javax.security.auth.login.LoginException with my custom message. But i couldn't catch the exception in the remote client, how is it possible??? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
4
0 / 0

[JBoss JIRA] (AS7-4823) add-user has the ability to add a user and edit/replace a user - we should add delete a user

by Darran Lofthouse (JIRA)

Darran Lofthouse created AS7-4823: ------------------------------------- Summary: add-user has the ability to add a user and edit/replace a user - we should add delete a user Key: AS7-4823 URL: https://issues.jboss.org/browse/AS7-4823 Project: Application Server 7 Issue Type: Task Components: Domain Management, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.2.0.Alpha1 For completeness the add-user utility should also support an option for deleting / disabling users. If we go for disabling rather than deleting we may then also want enabling - the re-writes of the properties files retain the comments so a disable / enable mechanism would be easiest to just comment out the disabled user. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
2
0 / 0

[JBoss JIRA] (AS7-4049) Revisit the JBOSS_LOCAL_USER Mechanism

by Darran Lofthouse (JIRA)

Darran Lofthouse created AS7-4049: ------------------------------------- Summary: Revisit the JBOSS_LOCAL_USER Mechanism Key: AS7-4049 URL: https://issues.jboss.org/browse/AS7-4049 Project: Application Server 7 Issue Type: Task Components: Domain Management, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse There are various points to reconsider: - - Implementation becoming quite embedded in the RealmSecurityProviderService - No local configuration within the realms - No http equivalent -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
3
0 / 0

[JBoss JIRA] (AS7-2564) Allow genuine cross-origin resource sharing requests for domain management

by Darran Lofthouse (Created) (JIRA)

Allow genuine cross-origin resource sharing requests for domain management -------------------------------------------------------------------------- Key: AS7-2564 URL: https://issues.jboss.org/browse/AS7-2564 Project: Application Server 7 Issue Type: Task Components: Domain Management Reporter: Darran Lofthouse Assignee: Darran Lofthouse Priority: Minor Fix For: 7.2.0.Alpha1 There may be future scenarios where cross-origin requests could be supported such as custom web/admin applications deployed to different to a different server. This issue is to implement both configuration for accepted requests and support for the OPTIONS method. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

3
6
0 / 0

[JBoss JIRA] (JBJCA-841) Deployers test suite

by Jesper Pedersen (JIRA)

Jesper Pedersen created JBJCA-841: ------------------------------------- Summary: Deployers test suite Key: JBJCA-841 URL: https://issues.jboss.org/browse/JBJCA-841 Project: IronJacamar Issue Type: Task Components: Deployer Reporter: Jesper Pedersen Assignee: Vladimir Rastseluev Fix For: 1.1.0.Beta2 * Clean up deployers/ test suite for duplicated tests * Improve code coverage, especially for resource adapter v1.0 * Remove incorrect DTD tests for v1.5 and v1.6 * Give descriptive names for test classes and resources -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
2
0 / 0

[JBoss JIRA] (AS7-4391) admin console proxying vs header Origin

by Aleksandar Kostadinov (JIRA)

Aleksandar Kostadinov created AS7-4391: ------------------------------------------ Summary: admin console proxying vs header Origin Key: AS7-4391 URL: https://issues.jboss.org/browse/AS7-4391 Project: Application Server 7 Issue Type: Bug Components: Console Affects Versions: 7.1.1.Final Reporter: Aleksandar Kostadinov Assignee: Heiko Braun When using a reverse proxy to access AS7 console and a browser that sets the header Origin, 403 is returned due to mismatch between Origin and Host headers. Run the server on localhost for example by: bin/domain.sh Run apache httpd with the following configuration (e.g. in /etc/httpd/conf.d/proxy_console.conf): ProxyPassReverseCookieDomain localhost <your server public hostname> ProxyPassReverse / http://localhost:9990/ ProxyPass / http://localhost:9990/ These should work: open http://<your server public hostname> with firefox or IE - this should work curl -v -u "adminusername:adminpassword" --digest http://localhost:9990/management/ # on the server this should work These fail: open http://<your server public hostname> with chromium curl -v -u "adminusername:adminpassword" -H "Origin: http://<your server public hostname>" --digest http://localhost:9990/management/ What happens is that Chromium correctly sets the Origin header to the server public IP hostname. mod_proxy keeps that header but sets Host to localhost:9990. Console sees the mismatch and returns 403. Firefox and IE do not set that header so they work. That protection of admin console was introduced in: https://issues.jboss.org/browse/AS7-2400 https://github.com/jbossas/jboss-as/commit/29cf3610d8dab1af0227842d877b92... -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

3
8
0 / 0

[JBoss JIRA] (AS7-2812) Add message in CLI to indicate which authentication method was used.

by Darran Lofthouse (Created) (JIRA)

Add message in CLI to indicate which authentication method was used. -------------------------------------------------------------------- Key: AS7-2812 URL: https://issues.jboss.org/browse/AS7-2812 Project: Application Server 7 Issue Type: Task Components: CLI, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.1.0.CR1 I need to review if this is feasible but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

4
8
0 / 0

[JBoss JIRA] (AS7-3112) Better integration of service based ServerAuthenticationProviders

by Darran Lofthouse (Created) (JIRA)

Better integration of service based ServerAuthenticationProviders ----------------------------------------------------------------- Key: AS7-3112 URL: https://issues.jboss.org/browse/AS7-3112 Project: Application Server 7 Issue Type: Task Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.1.0.Final The security configuration of Remoting within AS7 is based on supplying three things: - - The ServerAuthenticationProvider to obtain mechanism specific CallbackHanlders - The OptionMap to control the security mechanisms made available / mandated. - Possibly an initialised SSLContext for XnioSsl if SSL is being enabled. For domain management the capabilities of the backing realm are used to define the security offered i.e. if we have no SSL configuration we can not enable SSL, if the backing store can not return the plain text passwords we can not enable DIGEST. This has been achieved so far by using an intermediary service to define the configuration based on capabilities alone. This task it to take it one step further and allow this intermediary to be defined within the Remoting subsystem and maybe an equivalent for pure domain management to act as both a intermediary to define configuration based on the realm and also to allow additional configuration overrides. i.e. we need to support the additional SASL options available and SSL options available - this will somehow need to be merged / validated with the realm capabilities e.g. if a Realm is incompatible with Digest a user can not force the use of Digest. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

3
4
0 / 0

[JBoss JIRA] (AS7-3405) Authorization Checks for Services over Remoting

by Darran Lofthouse (JIRA)

Darran Lofthouse created AS7-3405: ------------------------------------- Summary: Authorization Checks for Services over Remoting Key: AS7-3405 URL: https://issues.jboss.org/browse/AS7-3405 Project: Application Server 7 Issue Type: Task Components: Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.1.0.Final As all services are now moving to be exposed over Remoting connectors they can all be secured using the same realm. This task is to ensure each at the very least has a basis for an authorization check that can be extended for more complex service specific requirements. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
6
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2012