April 2013 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-442) Review of AccessController and PrivilegedAction use across AS7

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-442?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-442: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Review of AccessController and PrivilegedAction use across AS7 > -------------------------------------------------------------- > > Key: WFLY-442 > URL: https://issues.jboss.org/browse/WFLY-442 > Project: WildFly > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 8.0.0.Alpha2 > > > The following needs reviewing across AS7: - > - On demand instantiation of PrivilegedActions where singletons would suffice (Consider frequency of calls, gc may be preferable). > - Use of AccessController even though there is no SecurityManager set. > - Code duplication, in every case I have seen so far the code is the same regardless of if PRIVILEGED or NON_PRIVILEGED > - Utility methods with visibility too high. > - In depth review of the other methods, i.e. if the first thing a public method does is set the class loader based on a parameter passed in it could be used badly - it may even be a justification for that method to NOT use a PrivilegedAction. > - Code that requires to be executed using a PrivilegedAction should also be double checked that it is not doing too much as the identity of the caller. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-218) Update add-user utility to allow overrides of property file name.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-218?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-218: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Update add-user utility to allow overrides of property file name. > ----------------------------------------------------------------- > > Key: WFLY-218 > URL: https://issues.jboss.org/browse/WFLY-218 > Project: WildFly > Issue Type: Enhancement > Components: Domain Management, Scripts > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-415) Add Full Kerberos Support

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-415?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-415: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Add Full Kerberos Support > ------------------------- > > Key: WFLY-415 > URL: https://issues.jboss.org/browse/WFLY-415 > Project: WildFly > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > > There are a number of steps required to full add Kerberos support - this is a top level tracking task to be resolved once all steps are complete. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-383) Re-Evaluate or Remove WebSecurityJBossWebXmlSecurityRolesTestCase

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-383?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-383: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Re-Evaluate or Remove WebSecurityJBossWebXmlSecurityRolesTestCase > ----------------------------------------------------------------- > > Key: WFLY-383 > URL: https://issues.jboss.org/browse/WFLY-383 > Project: WildFly > Issue Type: Sub-task > Components: Test Suite, Web (Undertow) > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > > I have marked this test as "@Ignore"d as I do not believe the capability that is being tested is actually valid. > I can not find any evidence that we ever intended for a role to role mapping within the jboss-web.xml instead we only intended a principal to role mapping. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-482) Domain Management - Enable silent authentication using Kerberos

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-482?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-482: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Domain Management - Enable silent authentication using Kerberos > --------------------------------------------------------------- > > Key: WFLY-482 > URL: https://issues.jboss.org/browse/WFLY-482 > Project: WildFly > Issue Type: Sub-task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Common_Authentication, Kerberos, > Fix For: 8.0.0.Alpha2 > > > It should be possible for users to authenticate for domain management using Kerberos. > Over the HTTP interface this will be SPNEGO, for the Native connection we use SASL so can use GSSAPI -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-352) EAP 6 Domain Mode Logging for Management is nonexistent.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-352?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-352: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > EAP 6 Domain Mode Logging for Management is nonexistent. > --------------------------------------------------------- > > Key: WFLY-352 > URL: https://issues.jboss.org/browse/WFLY-352 > Project: WildFly > Issue Type: Feature Request > Components: Domain Management > Reporter: Eric Rich > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > Attachments: jboss-as-domain-management-7.1.2.Final-redhat-1.jar, log_mgmt_auth_calls.txt > > > When trying to diagnose LDAP or Admin Configuration issue in Domain mode there is currently no logging for any of the authentication information. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-489) Authorization check for JNDI

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-489?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-489: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Authorization check for JNDI > ---------------------------- > > Key: WFLY-489 > URL: https://issues.jboss.org/browse/WFLY-489 > Project: WildFly > Issue Type: Sub-task > Components: Naming, Remoting, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Authorization > Fix For: 8.0.0.Alpha2 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-487) Verify audit implications and required APIs

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-487?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-487: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Verify audit implications and required APIs > ------------------------------------------- > > Key: WFLY-487 > URL: https://issues.jboss.org/browse/WFLY-487 > Project: WildFly > Issue Type: Sub-task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > > Auditing may be logging as the user that executes a request, if we have used a trust relationship for a request to be run as a different user we need to be able to track back to identify how the user for the request was selected. > i.e. If userA runs something as userB and does something bad we must be able to track back that it was userA making the overall request without userB getting the blame. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-375) Add support to specify ciphers available with Remoting

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-375?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated WFLY-375: ---------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Add support to specify ciphers available with Remoting > ------------------------------------------------------ > > Key: WFLY-375 > URL: https://issues.jboss.org/browse/WFLY-375 > Project: WildFly > Issue Type: Feature Request > Components: Domain Management, Remoting, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFLY-50) Management Console - LDAP authentication fails

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-50?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated WFLY-50: --------------------------------- Fix Version/s: 8.0.0.Alpha2 (was: 8.0.0.Alpha1) > Management Console - LDAP authentication fails > ---------------------------------------------- > > Key: WFLY-50 > URL: https://issues.jboss.org/browse/WFLY-50 > Project: WildFly > Issue Type: Bug > Components: Domain Management, Security > Environment: JBoss 7.1.1 on windows xp 32 / jboss 7.1.2 on cent os 6.3, x86_64, standalone.xml > Reporter: narayana b > Assignee: Darran Lofthouse > Fix For: 8.0.0.Alpha2 > > > 1) security realms >  > <security-realm name="my_Ldap_Realm"> > <authentication> > <ldap connection="my_Ldap_Connection" base-dn="dc=example,dc=com"> > <username-filter attribute="sAMAccountName"/> >  > </ldap> > </authentication> > </security-realm> >  > 2) outbound connections >  > <outbound-connections> > <ldap name="my_Ldap_Connection" > url="ldap://localhost:10389/" > search-dn="cn=jboss,ou=People,dc=example,dc=com" search-credential="admin123" /> > </outbound-connections> >  > 3) Management console info config >  > <native-interface security-realm="my_Ldap_Realm"> > <socket-binding native="management-native"/> > </native-interface> > <http-interface security-realm="my_Ldap_Realm"> > <socket-binding http="management-http"/> >  > > </http-interface> >  -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 8 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2013