December 2013 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-379) Fix & re-enable ignored security tests

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-379?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-379: ------------------------------ Fix Version/s: 8.0.0.Final > Fix & re-enable ignored security tests > -------------------------------------- > > Key: WFLY-379 > URL: https://issues.jboss.org/browse/WFLY-379 > Project: WildFly > Issue Type: Sub-task > Security Level: Public(Everyone can see) > Components: Security > Affects Versions: 8.0.0.Alpha1 > Environment: AS8 with undertow > Reporter: Tomaz Cerar > Assignee: Darran Lofthouse > Fix For: 8.0.0.CR1, 8.0.0.Final > > > AS8 with undertow fails few security tests. > This issue is here just for tracking what they are so they can be fixed -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-377) Provide "destroy-queue" and "destroy-topic" operations to CLI

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-377?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-377: ------------------------------ Fix Version/s: 8.0.0.Final > Provide "destroy-queue" and "destroy-topic" operations to CLI > ------------------------------------------------------------- > > Key: WFLY-377 > URL: https://issues.jboss.org/browse/WFLY-377 > Project: WildFly > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: CLI, JMS > Reporter: Miroslav Novak > Assignee: Alexey Loubyansky > Fix For: 8.0.0.CR1, 8.0.0.Final > > > Operations "destroy-queue" and "destroy-topic" would destroy queue/topic with all its messages and subscriptions. > They would be used under for example /subsystem=messaging/hornetq-server=default/jms-queue=testQueue or /subsystem=messaging/hornetq-server=default/jms-topic=testTopic. > The goal is to provide a simple way how to get rid of those objects to administrators. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-378) Provide ability to detect server shutdown

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-378?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-378: ------------------------------ Fix Version/s: 8.0.0.Final > Provide ability to detect server shutdown > ----------------------------------------- > > Key: WFLY-378 > URL: https://issues.jboss.org/browse/WFLY-378 > Project: WildFly > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: Server > Reporter: Thomas Diesler > Assignee: Jason Greene > Fix For: 8.0.0.CR1, 8.0.0.Final > > > The general use case is that a subsystem maintains state (on behalf of a deployment) that should be removed on explicit user interaction (i.e. mgmt op) but not on subsystem/server shutdown. This should also work in the domain case. Perhaps the ApplicationServerService (or similar) could be queried about whether it is currently shutting down. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-444) Remove ServerEnvironment.getModulesDir()

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-444?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-444: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > Remove ServerEnvironment.getModulesDir() > ---------------------------------------- > > Key: WFLY-444 > URL: https://issues.jboss.org/browse/WFLY-444 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Server > Reporter: Brian Stansberry > Fix For: 8.0.0.Final > > > This method was deprecated in 7.1.0 and the OSGi subsystem is removing the only known use of it in 7.1.2. Remove the method in 7.2. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-447) Connection Reauthentication and Security Propagation

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-447?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-447: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > Connection Reauthentication and Security Propagation > ---------------------------------------------------- > > Key: WFLY-447 > URL: https://issues.jboss.org/browse/WFLY-447 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: EJB, Remoting, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Final > > > This task is a top level task to coordinate the addition of support for switching to different security identities on an existing connection over Remoting. > This is to predominantly cover two major scenarios: - > - Clients using a single connection but require different calls to be executed as different users, in this case the client has the information required to start a new authentication as a different user. > - Server to server communication where the first server has already authenticated a remote user - for this scenario the first server needs a way to tell the second server what identity to run the call as. > The following document is building up the requirements and design considerations and decisions: - > https://community.jboss.org/wiki/ConnectionRe-AuthenticationAndSecurityPr... -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-442) Review of AccessController and PrivilegedAction use across AS7

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-442?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-442: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > Review of AccessController and PrivilegedAction use across AS7 > -------------------------------------------------------------- > > Key: WFLY-442 > URL: https://issues.jboss.org/browse/WFLY-442 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Final > > > The following needs reviewing across AS7: - > - On demand instantiation of PrivilegedActions where singletons would suffice (Consider frequency of calls, gc may be preferable). > - Use of AccessController even though there is no SecurityManager set. > - Code duplication, in every case I have seen so far the code is the same regardless of if PRIVILEGED or NON_PRIVILEGED > - Utility methods with visibility too high. > - In depth review of the other methods, i.e. if the first thing a public method does is set the class loader based on a parameter passed in it could be used badly - it may even be a justification for that method to NOT use a PrivilegedAction. > - Code that requires to be executed using a PrivilegedAction should also be double checked that it is not doing too much as the identity of the caller. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-443) Add integration test of Seam2 integration

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-443?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-443: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > Add integration test of Seam2 integration > ----------------------------------------- > > Key: WFLY-443 > URL: https://issues.jboss.org/browse/WFLY-443 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Test Suite > Environment: https://github.com/jbossas/jboss-as/commit/b036d103ed503b0099d3f62c1c50f9... will break the Seam 2 integration since Seam2Processor will look for the specific jar name. Yet the commit did not result in any testsuite failure. So, it seems we have no integration testing. > Reporter: Brian Stansberry > Fix For: 8.0.0.Final > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-428) Move DC operation stream cleaning from OperationCoordinatorStepHandler and into the OSHs that actual process the input streams

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-428?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-428: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > Move DC operation stream cleaning from OperationCoordinatorStepHandler and into the OSHs that actual process the input streams > ------------------------------------------------------------------------------------------------------------------------------ > > Key: WFLY-428 > URL: https://issues.jboss.org/browse/WFLY-428 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Domain Management > Reporter: Brian Stansberry > Fix For: 8.0.0.Final > > > Get rid of hackaliciousness at [1] and replace using OperationAttachments the way Stuart did for deployment overlays. > [1] https://github.com/jbossas/jboss-as/blob/master/host-controller/src/main/... -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-435) Validate servlet run as identity propagation

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-435?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-435: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > Validate servlet run as identity propagation > -------------------------------------------- > > Key: WFLY-435 > URL: https://issues.jboss.org/browse/WFLY-435 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: EJB, Security, Web (JBoss Web) > Reporter: Marcus Moyses > Assignee: Peter Skopek > Priority: Minor > Fix For: 8.0.0.Final > > > Need to validate if the run as identity configured in jboss-web.xml for a servlet is propagated to ejb invocations. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-441) If possible, eliminate the NonTxEmCloser by closing the EM immediately after each EM invocation

by Jason Greene (JIRA)

[ https://issues.jboss.org/browse/WFLY-441?page=com.atlassian.jira.plugin.s... ] Jason Greene updated WFLY-441: ------------------------------ Fix Version/s: 8.0.0.Final (was: 8.0.0.CR1) > If possible, eliminate the NonTxEmCloser by closing the EM immediately after each EM invocation > ----------------------------------------------------------------------------------------------- > > Key: WFLY-441 > URL: https://issues.jboss.org/browse/WFLY-441 > Project: WildFly > Issue Type: Task > Security Level: Public(Everyone can see) > Components: JPA / Hibernate > Reporter: Scott Marlow > Priority: Minor > Fix For: 8.0.0.Final > > > For Queries, handoff the EntityManager to a Query object wrapper and have the Query object finalizer close the EntityManager. > Make sure that we respect JPA 2.0 section 3.8.6 (detach objects returned from Query object). > 1. Methods that return a Query, will hand off the EM to the Query object wrapper. > 2. Other methods will close the EM at the end of the EM method invocation. > When making this change, make sure that performance doesn't degrade. The cost of this change, will be that each (transaction scoped non-tx) EM invocation will create a new persistence context, but we can eliminate the NonTxEmCloser which has its own overhead. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira December 2013