[JBoss JIRA] (WFLY-483) Allow more control over authentication for server to server communication through remote-outbound-connection
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-483?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated WFLY-483:
----------------------------------
Fix Version/s: 8.0.0.Alpha2
(was: 8.0.0.Alpha1)
> Allow more control over authentication for server to server communication through remote-outbound-connection
> ------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-483
> URL: https://issues.jboss.org/browse/WFLY-483
> Project: WildFly
> Issue Type: Sub-task
> Components: Remoting, Security
> Reporter: jaikiran pai
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.Alpha2
>
>
> Right now for server to server communication via a remote-outbound-connection, we expect a static username to be specified (along with the security realm). User applications which use this remote-outbound-connection, for example an EJB application, do not have much control over the user/pass information, since the username is static. This further acts a drawback since the username that's used to connect to the remote server will be used as the (application) user who invoked the EJB.
> It would be good to allow more control over the authentication for the remote-outbound-connection.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 2 months
[JBoss JIRA] (WFLY-466) Detect JBossWS Configuration for @PermitAll endpoints within Undertow subsystem.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-466?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated WFLY-466:
----------------------------------
Fix Version/s: 8.0.0.Alpha2
(was: 8.0.0.Alpha1)
> Detect JBossWS Configuration for @PermitAll endpoints within Undertow subsystem.
> --------------------------------------------------------------------------------
>
> Key: WFLY-466
> URL: https://issues.jboss.org/browse/WFLY-466
> Project: WildFly
> Issue Type: Task
> Components: Web (JBoss Web)
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.Alpha2
>
>
> UNDERTOW-38 has added the possibility of deploying web applications where authentication is mandated but no authorization checks are performed - this is required for integration use cases such as EJB endpoints where authorization checks are being left to the EJB container.
> This task is to update the Undertow susbsystem to detect this scenario and enable the new mode for UNDERTOW-38.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 2 months
[JBoss JIRA] (WFLY-210) Point to explicit security doc in server.log
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-210?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated WFLY-210:
----------------------------------
Fix Version/s: 9.0.0.CR1
(was: 8.0.0.Alpha1)
> Point to explicit security doc in server.log
> --------------------------------------------
>
> Key: WFLY-210
> URL: https://issues.jboss.org/browse/WFLY-210
> Project: WildFly
> Issue Type: Enhancement
> Components: Server
> Environment: Thinkpad T510 w/ 4 cores, 8Gb, running CSB
> Reporter: Chuck Mosher
> Assignee: Darran Lofthouse
> Priority: Minor
> Labels: eap6-ux
> Fix For: 9.0.0.CR1
>
>
> Nice to warn me (in the server.log) that I have a security issue due to the cluster admin/user pwd using the defaults. Warning tells me to look at the docs; would it be possible to put it the hyperlink to the specific doc?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 2 months
[JBoss JIRA] (WFLY-423) Allow management of all current Remoting connections (inbound and outbound)
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-423?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated WFLY-423:
----------------------------------
Fix Version/s: 9.0.0.CR1
(was: 8.0.0.Alpha1)
> Allow management of all current Remoting connections (inbound and outbound)
> ---------------------------------------------------------------------------
>
> Key: WFLY-423
> URL: https://issues.jboss.org/browse/WFLY-423
> Project: WildFly
> Issue Type: Task
> Components: Remoting
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: Remoting_Management
> Fix For: 9.0.0.CR1
>
>
> This task is to make it possible to view the details of all currently established Remoting connections and to allow termination of these connections.
> In addition to seeing the open connections it should be possible to see the channels opened by each connection. Also while starting on a connection first view you may also want to start on a channel first view i.e. all JNDI users or all EJB users.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 2 months
[JBoss JIRA] (WFLY-460) Switchable Nonce Handling Strategy for HTTP DigestAuthenticator
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-460?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated WFLY-460:
----------------------------------
Fix Version/s: 9.0.0.CR1
(was: 8.0.0.Alpha1)
> Switchable Nonce Handling Strategy for HTTP DigestAuthenticator
> ---------------------------------------------------------------
>
> Key: WFLY-460
> URL: https://issues.jboss.org/browse/WFLY-460
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: Common_Authentication
> Fix For: 9.0.0.CR1
>
>
> Allow the nonce strategy to be switchable: -
> 1 - Real 'Number Used Once' - i.e. new nonce for each request.
> 2 - Nonce per connection i.e. as long as a connection is kept alive allow re-use of nonce - new nonce on new connection.
> 3 - Timed nonce - Generate a nonce with a server secret and timestamp, nonce will be accepted for a validity period.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 2 months
[JBoss JIRA] (WFLY-326) Logout a remote client from server and clearing login module cache.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-326?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated WFLY-326:
----------------------------------
Fix Version/s: 9.0.0.CR1
(was: 8.0.0.Alpha1)
> Logout a remote client from server and clearing login module cache.
> -------------------------------------------------------------------
>
> Key: WFLY-326
> URL: https://issues.jboss.org/browse/WFLY-326
> Project: WildFly
> Issue Type: Feature Request
> Components: Remoting, Security, Server
> Environment: java 1.6
> win 7 64 bit
> 4 gb ram
> Reporter: Serkan Yıldırım
> Assignee: Darran Lofthouse
> Labels: Remoting_Management, jboss-as7, login-module, logout, remoting, security
> Fix For: 9.0.0.CR1
>
>
> I have a custom login module. I authenticate and authorize a user (creating roles) by using this custom module. When i close the remote application, i want to logout the user from server so that clear login module cache, i.e deleting principals and roles from the cache. I couldn't find a solution for this problem in forum. If it exists, could you please explain it, thanks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 2 months