[JBoss JIRA] (WFCORE-276) whoami operation failed when rbac enabled but no roles assigned
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-276?page=com.atlassian.jira.plugin... ]
Darran Lofthouse resolved WFCORE-276.
-------------------------------------
Resolution: Won't Fix
Marking as 'Won't Fix' as this failure is happening during the validation of a low level command, the recommended approach is to use a high level command.
Within the CLI a high level command 'connection-info' already exists which amongst other things outputs the resulting role information from whoami so there is no benefit in adding another high level command to duplicate this.
> whoami operation failed when rbac enabled but no roles assigned
> ---------------------------------------------------------------
>
> Key: WFCORE-276
> URL: https://issues.jboss.org/browse/WFCORE-276
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Domain Management
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha14
>
>
> Need to double check this is either the CLI making a call in addition to the whoami op and that call is failing or something being accessed by whoami is causing the failure.
> Here is the failure for a user with no roles: -
> {noformat}
> [standalone@localhost:9990 /] [darranl@localhost bin]$ ./jboss-cli.sh -c --no-local-auth
> Authenticating against security realm: ManagementRealm
> Username: UserTwo
> Password:
> [standalone@localhost:9990 /] :whoami
> {
> "outcome" => "success",
> "result" => {"identity" => {
> "username" => "UserTwo",
> "realm" => "ManagementRealm"
> }}
> }
> [standalone@localhost:9990 /] :whoami(verbose=true)
> Failed to get the list of the operation properties: "WFLYCTL0313: Unauthorized to execute operation 'read-operation-description' for resource '[]' -- "WFLYCTL0332: Permission denied""
> [standalone@localhost:9990 /]
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months
[JBoss JIRA] (WFCORE-275) Migrate some RBAC tests from WildFly full to core
by Emmanuel Hugonnet (JIRA)
[ https://issues.jboss.org/browse/WFCORE-275?page=com.atlassian.jira.plugin... ]
Emmanuel Hugonnet commented on WFCORE-275:
------------------------------------------
AccessConstraintUtilizationTestCase -- non-core
ApplicationTypeTestCase -- core -- create a variant using logging
StandardRolesBasicTestCase -- core-ish -- replace war, figure out jmx, add extension to replace ds
-- CliInterfaceStandardRolesBasicTestCase -- core
-- HttpInterfaceStandardRolesBasicTestCase -- core
-- NativeInterfaceStandardRolesBasicTestCase -- core
-- Jmx2ndInterfaceStandardRolesBasicTestCase ???
-- JmxInterfaceStandardRolesBasicTestCase ???
DeploymentScannerTestCase -- core; replace sar
IncludeAllRoleTestCase -- core
JmxNonSensitiveTestCase -- with jmx
JmxSensitiveTestCase -- with jmx
LdapRoleMappingG2UTestCase -- core
LdapRoleMappingU2GTestCase -- core
PermissionsCoverageTestCase -- core and full
ReadResourceDescriptionVsActualOperationTestCase -- core, but meh
RejectingCombinationPolicyTestCase -- core
RoleMappingRuntimeReconfigurationTestCase -- core
RolesIntegrityCheckingTestCase -- core
ValidateAddressOrOperationTestCase -- core; replace DS
VaultExpressionSensitivityTestCase -- core; replace DS
> Migrate some RBAC tests from WildFly full to core
> -------------------------------------------------
>
> Key: WFCORE-275
> URL: https://issues.jboss.org/browse/WFCORE-275
> Project: WildFly Core
> Issue Type: Task
> Components: Test Suite
> Affects Versions: 1.0.0.Alpha13
> Reporter: Emmanuel Hugonnet
> Assignee: Emmanuel Hugonnet
>
> All RBAC integration testing is currently done in the WILDFLY project whereas the code is in WFCORE. Migrate some tests which are not related to the RBAC usage in WILDFLY to WFCORE.
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months
[JBoss JIRA] (WFCORE-278) Revisit error message for an authentication failure.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-278?page=com.atlassian.jira.plugin... ]
Darran Lofthouse moved WFLY-3208 to WFCORE-278:
-----------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-278 (was: WFLY-3208)
Issue Type: Bug (was: Task)
Affects Version/s: (was: 8.0.0.Final)
Component/s: CLI
Domain Management
Remoting
Security
(was: CLI)
(was: Domain Management)
(was: Remoting)
(was: Security)
Fix Version/s: 1.0.0.Alpha14
(was: 9.0.0.Beta1)
> Revisit error message for an authentication failure.
> ----------------------------------------------------
>
> Key: WFCORE-278
> URL: https://issues.jboss.org/browse/WFCORE-278
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Domain Management, Remoting, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha14
>
>
> After authentication fails in the CLI the following error message is output: -
> {code}
> Unable to authenticate against controller at localhost:9990: Authentication failed: the server presented no authentication mechanisms
> {code}
> This text is a bit misleading, what it actually means is all mechanisms presented have either been excluded or attempted and now no further mechanisms are available to try.
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months
[JBoss JIRA] (WFCORE-276) whoami operation failed when rbac enabled but no roles assigned
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-276?page=com.atlassian.jira.plugin... ]
Darran Lofthouse updated WFCORE-276:
------------------------------------
Description:
Need to double check this is either the CLI making a call in addition to the whoami op and that call is failing or something being accessed by whoami is causing the failure.
Here is the failure for a user with no roles: -
{noformat}
[standalone@localhost:9990 /] [darranl@localhost bin]$ ./jboss-cli.sh -c --no-local-auth
Authenticating against security realm: ManagementRealm
Username: UserTwo
Password:
[standalone@localhost:9990 /] :whoami
{
"outcome" => "success",
"result" => {"identity" => {
"username" => "UserTwo",
"realm" => "ManagementRealm"
}}
}
[standalone@localhost:9990 /] :whoami(verbose=true)
Failed to get the list of the operation properties: "WFLYCTL0313: Unauthorized to execute operation 'read-operation-description' for resource '[]' -- "WFLYCTL0332: Permission denied""
[standalone@localhost:9990 /]
{noformat}
was:Need to double check this is either the CLI making a call in addition to the whoami op and that call is failing or something being accessed by whoami is causing the failure.
> whoami operation failed when rbac enabled but no roles assigned
> ---------------------------------------------------------------
>
> Key: WFCORE-276
> URL: https://issues.jboss.org/browse/WFCORE-276
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Domain Management
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha14
>
>
> Need to double check this is either the CLI making a call in addition to the whoami op and that call is failing or something being accessed by whoami is causing the failure.
> Here is the failure for a user with no roles: -
> {noformat}
> [standalone@localhost:9990 /] [darranl@localhost bin]$ ./jboss-cli.sh -c --no-local-auth
> Authenticating against security realm: ManagementRealm
> Username: UserTwo
> Password:
> [standalone@localhost:9990 /] :whoami
> {
> "outcome" => "success",
> "result" => {"identity" => {
> "username" => "UserTwo",
> "realm" => "ManagementRealm"
> }}
> }
> [standalone@localhost:9990 /] :whoami(verbose=true)
> Failed to get the list of the operation properties: "WFLYCTL0313: Unauthorized to execute operation 'read-operation-description' for resource '[]' -- "WFLYCTL0332: Permission denied""
> [standalone@localhost:9990 /]
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months
[JBoss JIRA] (WFLY-4116) WAR deployment fails on missing security domain dependency
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-4116?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-4116.
------------------------------------
Resolution: Rejected
> WAR deployment fails on missing security domain dependency
> ----------------------------------------------------------
>
> Key: WFLY-4116
> URL: https://issues.jboss.org/browse/WFLY-4116
> Project: WildFly
> Issue Type: Feature Request
> Components: Security, Web (JBoss Web), Web (Undertow)
> Affects Versions: 8.2.0.Final
> Environment: Standalone form-based authentication WAR
> Reporter: Lars Hellgren
> Assignee: Darran Lofthouse
> Fix For: 8.2.0.Final
>
>
> Moving WARs using form based authentication from WildFly 8.1 Final to 8.2 Final fails due to a missing security domain dependency.
> *Log*
> {noformat}
> service jboss.security.security-domain.java:/jaas/haa-portal (missing) dependents:
> [service jboss.deployment.unit."haa-security-manager.war".component.SecurityManagerRepositorySessionBean.CREATE,
> service jboss.deployment.unit."haa-security-manager.war".component.UserPrefsRepository.CREATE]
> {noformat}
> *jboss-web.xml*
> {code:xml}
> <jboss-web>
> <security-domain>java:/jaas/haa-portal</security-domain>
> </jboss-web>
> {code}
> *standalone.xml*
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:security:1.2">
> <security-domains>
> ...
> <security-domain name="haa-portal">
> <authentication>
> <login-module code="Database" flag="required">
> ...
> </login-module>
> </authentication>
> </security-domain>
> </security-domains>
> </subsystem>
> {code}
> The datasource is deployed and connected.
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months
[JBoss JIRA] (WFLY-4116) WAR deployment fails on missing security domain dependency
by Lars Hellgren (JIRA)
[ https://issues.jboss.org/browse/WFLY-4116?page=com.atlassian.jira.plugin.... ]
Lars Hellgren commented on WFLY-4116:
-------------------------------------
Jaikiran,
Thank you.
Lars
On Fri, Nov 21, 2014 at 9:23 PM, jaikiran pai (JIRA) <issues(a)jboss.org>
> WAR deployment fails on missing security domain dependency
> ----------------------------------------------------------
>
> Key: WFLY-4116
> URL: https://issues.jboss.org/browse/WFLY-4116
> Project: WildFly
> Issue Type: Feature Request
> Components: Security, Web (JBoss Web), Web (Undertow)
> Affects Versions: 8.2.0.Final
> Environment: Standalone form-based authentication WAR
> Reporter: Lars Hellgren
> Assignee: Darran Lofthouse
> Fix For: 8.2.0.Final
>
>
> Moving WARs using form based authentication from WildFly 8.1 Final to 8.2 Final fails due to a missing security domain dependency.
> *Log*
> {noformat}
> service jboss.security.security-domain.java:/jaas/haa-portal (missing) dependents:
> [service jboss.deployment.unit."haa-security-manager.war".component.SecurityManagerRepositorySessionBean.CREATE,
> service jboss.deployment.unit."haa-security-manager.war".component.UserPrefsRepository.CREATE]
> {noformat}
> *jboss-web.xml*
> {code:xml}
> <jboss-web>
> <security-domain>java:/jaas/haa-portal</security-domain>
> </jboss-web>
> {code}
> *standalone.xml*
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:security:1.2">
> <security-domains>
> ...
> <security-domain name="haa-portal">
> <authentication>
> <login-module code="Database" flag="required">
> ...
> </login-module>
> </authentication>
> </security-domain>
> </security-domains>
> </subsystem>
> {code}
> The datasource is deployed and connected.
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months
[JBoss JIRA] (JBMETA-381) DefaultPropertyReplacer can't handle ${:} expression
by Brian Stansberry (JIRA)
Brian Stansberry created JBMETA-381:
---------------------------------------
Summary: DefaultPropertyReplacer can't handle ${:} expression
Key: JBMETA-381
URL: https://issues.jboss.org/browse/JBMETA-381
Project: JBoss Metadata
Issue Type: Bug
Components: common
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Priority: Minor
If the string "${:}" is passed to default property replacer, it does not parse it as indicating File.pathSeparator; rather it treats it as the default delimiter.
${:} resolves to an empty string.
a${:} resolves to a
${:}a resolves to a
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
9 years, 7 months