September 2014 - jboss-jira - Jboss List Archives

[JBoss JIRA] (JGRP-1883) Extend SASL protocol to handle Quality of Protection

by Richard Achmatowicz (JIRA)

[ https://issues.jboss.org/browse/JGRP-1883?page=com.atlassian.jira.plugin.... ] Richard Achmatowicz commented on JGRP-1883: ------------------------------------------- That isn't what I had in mind... and also there would have to be a lot of mechanism added to the protocol to make a scheme which reuses the SaslClient and SaslServer wrap/unwrap functions work in any case. What I had in mind is adding functionality to the JGroups SASL layer so that, from the outside, it looks and is configured as a regular SASL framework, supporting the QoP features mentioned above. Internally, it would bypass the SaslClient and SaslServer wrap/uwrap functions (which is what Tristan is referring to) and use the protocols and design of ENCRYPT to enforce integrity and confidentiality.. Otherwise, we will always be in the situation where we say "JGroups supports SASL" when in fact it does not; not in the sense that the QoP features of SASL are not there for use for *any* mechanism and we always have to add in an additional ENCRYPT layer to make up the shortfall on the integrity and confidentiality side. In that case, I don't see what the advantage of having a non fully-functional SASL layer is anyway. It seems like we want to move to a standard for configuring security, but not the whole way. As for David's remark, we could consider the shortcomings that he mentions and see to what extent they apply at present to ENCRYPT. Because as far as I understand it, ENCRYPT is basically SSL/TLS for JGroups. But that's potentially a separate issue. > Extend SASL protocol to handle Quality of Protection > ----------------------------------------------------- > > Key: JGRP-1883 > URL: https://issues.jboss.org/browse/JGRP-1883 > Project: JGroups > Issue Type: Feature Request > Affects Versions: 3.5 > Reporter: Richard Achmatowicz > Assignee: Bela Ban > Fix For: 3.6 > > > SASL implementations generally provide authentication and encryption services to communication protocols. > At present, the JGroups SASL protocol layer handles only authentication of a client joining a group; it does not support encryption of messages (unicast and multicast) passing through the SASL layer. This is presently handled by the separate ENCRYPT layer. > It would be nice to provide an integrated and complete solution for authentication and encryption for JGroups based on SASL. This could be achieved by adding functionality from ENCRYPT to the SASL layer. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3902) Replace invalid RuntimePermissions with domain-specific permissions

by David Lloyd (JIRA)

David Lloyd created WFLY-3902: --------------------------------- Summary: Replace invalid RuntimePermissions with domain-specific permissions Key: WFLY-3902 URL: https://issues.jboss.org/browse/WFLY-3902 Project: WildFly Issue Type: Task Reporter: David Lloyd Assignee: David Lloyd Fix For: 9.0.0.CR1 Identify and if possible replace invalid usages of RuntimePermission in WildFly and its dependencies. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3901) Please add the "relative-to" attribute to access-log in undertow

by Carlton Zachary (JIRA)

Carlton Zachary created WFLY-3901: ------------------------------------- Summary: Please add the "relative-to" attribute to access-log in undertow Key: WFLY-3901 URL: https://issues.jboss.org/browse/WFLY-3901 Project: WildFly Issue Type: Feature Request Components: Web (Undertow) Affects Versions: 8.1.0.Final Reporter: Carlton Zachary Assignee: Stuart Douglas I have been trying to point the "directory" attribute value to a var ${custom.jboss.server.log.dir} to write the access.log to a non-default location, but this diesn't work in undertow. It does work in EAP 6.2 JBoss-web. The custom.jboss.server.log.dir is defined in the "<paths>" in the servers section of the host-slave.xml file. In JBoss EAP 6.2 with jboss-web the access-log has the "relative-to" attribute, but this is not the case with access-log for undertow in WFLY 8.1. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-1880) UDP.ip_ttl is ignored and is always 1

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-1880?page=com.atlassian.jira.plugin.... ] Bela Ban commented on JGRP-1880: -------------------------------- As we don't use DatagramChannel, there's no need to switch to JDK 7 as baseline. Reverted the changes in build.xml, pom.xml and TP to use JDK 6. > UDP.ip_ttl is ignored and is always 1 > ------------------------------------- > > Key: JGRP-1880 > URL: https://issues.jboss.org/browse/JGRP-1880 > Project: JGroups > Issue Type: Bug > Reporter: Bela Ban > Assignee: Bela Ban > Fix For: 3.5.1, 3.6 > > > Since we switched from using a {{MulticastSocket}} for sending of multicast packets to a {{DatagramSocket}}, the time-to-live (TTL) of a packet is always {{1}}. The reason is that method {{setTimeToLive()}} only exists in {{MulticastSocket}}, but not in {{DatagramSocket}}. > We cannot revert the code and use a {{MulticastSocket}} to send multicasts, as this won't reveal the real IP address of the sender, but only the multicast address, and the real address is needed to drop packets at the _transport level_. > Investigate whether we could use reflection to get the {{DatagramSocketImpl}} and call {{setTimeToLive()}}. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (REMJMX-88) Release Remoting JMX 1.1.3.Final