[JBoss JIRA] (WFLY-468) Report master SHA1 before pull request gets rebased
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-468?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-468:
------------------------------
Fix Version/s: 8.0.0.Final
(was: 8.0.0.CR1)
> Report master SHA1 before pull request gets rebased
> ---------------------------------------------------
>
> Key: WFLY-468
> URL: https://issues.jboss.org/browse/WFLY-468
> Project: WildFly
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Test Suite
> Reporter: Thomas Diesler
> Assignee: Tomaz Cerar
> Fix For: 8.0.0.Final
>
>
> For a successful merge like [this|http://lightning.mw.lab.eng.bos.redhat.com/jenkins/job/as7-param-pul...] I see
> {code}
> + git init
> Initialized empty Git repository in /home/jenkins/jenkins-work/workspace/as7-param-pull/.git/
> + git config user.email jenkins(a)example.com
> + git config user.name 'Mr. Jenkins'
> + git remote add origin git://github.com/jbossas/jboss-as.git
> + git fetch origin master:refs/remotes/origin/master
> From git://github.com/jbossas/jboss-as
> * [new branch] master -> origin/master
> From git://github.com/jbossas/jboss-as
> ...
> * [new tag] 7.1.2.Final -> 7.1.2.Final
> + git fetch origin refs/pull/2593/head
> From git://github.com/jbossas/jboss-as
> * branch refs/pull/2593/head -> FETCH_HEAD
> + git checkout FETCH_HEAD
> ...
> Checking out files: 100% (9519/9519), done.
> Note: checking out 'FETCH_HEAD'.
> You are in 'detached HEAD' state. You can look around, make experimental
> changes and commit them, and you can discard any commits you make in this
> state without impacting any branches by performing another checkout.
> If you want to create a new branch to retain commits you create, you may
> do so (now or later) by using -b with the checkout command again. Example:
> git checkout -b new_branch_name
> HEAD is now at 3a64ae5... [AS7-5052] Allow WAR deployments as OSGi bundles
> + git rebase origin/master
> First, rewinding head to replay your work on top of it...
> Applying: [AS7-4918] Registered module using OSGi capability not visible as a bundle
> Applying: [AS7-5049] Allow bundles to get resolved/activated during deployment unit processing
> Applying: [AS7-5104] Remove no-start behaviour for test bundle deployments
> Applying: [AS7-5093] Allow JDBC driver deployments as OSGi bundles
> Applying: [AS7-5052] Allow WAR deployments as OSGi bundles
> {code}
> This tells me that the rebase was ok, but not onto what master revision it happened. Hence I cannot reproduce this run locally.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-483) Allow more control over authentication for server to server communication through remote-outbound-connection
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-483?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-483:
------------------------------
Fix Version/s: 8.0.0.Final
(was: 8.0.0.CR1)
> Allow more control over authentication for server to server communication through remote-outbound-connection
> ------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-483
> URL: https://issues.jboss.org/browse/WFLY-483
> Project: WildFly
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: Remoting, Security
> Reporter: jaikiran pai
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.Final
>
>
> Right now for server to server communication via a remote-outbound-connection, we expect a static username to be specified (along with the security realm). User applications which use this remote-outbound-connection, for example an EJB application, do not have much control over the user/pass information, since the username is static. This further acts a drawback since the username that's used to connect to the remote server will be used as the (application) user who invoked the EJB.
> It would be good to allow more control over the authentication for the remote-outbound-connection.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-485) Review SecurityContext associations
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-485?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-485:
------------------------------
Fix Version/s: 8.0.0.Final
(was: 8.0.0.CR1)
> Review SecurityContext associations
> ------------------------------------
>
> Key: WFLY-485
> URL: https://issues.jboss.org/browse/WFLY-485
> Project: WildFly
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: David Lloyd
> Labels: Security_SPI
> Fix For: 8.0.0.Final
>
>
> We should re-review the approach we take for security context association within AS7 containers.
> Back at the time of AS 3 it fairly reliable to assume a 1:1 mapping of thread and client with the incoming connection being allocated it's own thread, this is no longer automatically the case and different containers can use different threading models e.g. using Executors to handle asynchronous requests.
> The problem with using a ThreadLocal approach is that every time a container diverges from the 1:1 mapping of thread and client that container needs to work around the issue of an invalid SecurityContext association.
> One possibility is to pass responsibility for managing the context to the container although this then introduces the question of how it is passed from container to container. This issue needs to consider this further.
> Also need to review further how the security context can be created at all entry points to the server and how it can be manually switched now that we use SASL on entry for remote calls we do now have the opportunity for equivalent behaviour at the entry point for both web and ejb type calls - in the past we only had this opportunity for web based calls and would only create a security context on entering the interceptors for the EJB calls.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-490) Domain Management Role Based Access Control
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-490?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-490:
------------------------------
Fix Version/s: 8.0.0.Final
(was: 8.0.0.CR1)
> Domain Management Role Based Access Control
> -------------------------------------------
>
> Key: WFLY-490
> URL: https://issues.jboss.org/browse/WFLY-490
> Project: WildFly
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: Authorization
> Fix For: 8.0.0.Final
>
>
> Implement some coarse permissions for domain operations. Possibly allowing a break down for subsystem, profile, server, server-group - maybe read - write - execute.
> Also consider confidentiality in exchange e.g. Can read metrics over http but must use https to add new server.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-486) Implement Trust for users requesting to run as a different user.
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-486?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-486:
------------------------------
Fix Version/s: 8.0.0.Final
(was: 8.0.0.CR1)
> Implement Trust for users requesting to run as a different user.
> ----------------------------------------------------------------
>
> Key: WFLY-486
> URL: https://issues.jboss.org/browse/WFLY-486
> Project: WildFly
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: Remoting, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.Final
>
>
> Where SASL is used for authentication users can request to authenticate as themselves but to be authorized to connect to the server as a different user.
> A couple of examples where this could be used: -
> - A user granting access to another user to log into their account.
> - A user with two levels of access e.g. normal and admin and requesting they have admin level access.
> Another area we are looking to use this feature is where one server connects to another server but want to be able to run requests on the remote server using the identity of a specified user.
> This Jira issue is to enhance the security realms to allow for trust permissions to be defined - initially this will be local to a single realm but will subsequently be opened up to work across different realms.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months