September 2014 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-448) Authorization Checks for Services over Remoting

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-448?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-448. ----------------------------------- Fix Version/s: 9.0.0.Beta1 Resolution: Out of Date And access control has already been provided covering management and JMX > Authorization Checks for Services over Remoting > ----------------------------------------------- > > Key: WFLY-448 > URL: https://issues.jboss.org/browse/WFLY-448 > Project: WildFly > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Authorization > Fix For: 9.0.0.Beta1 > > > As all services are now moving to be exposed over Remoting connectors they can all be secured using the same realm. This task is to ensure each at the very least has a basis for an authorization check that can be extended for more complex service specific requirements. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-489) Authorization check for JNDI

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-489?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-489. ----------------------------------- Fix Version/s: 9.0.0.Beta1 Resolution: Out of Date > Authorization check for JNDI > ---------------------------- > > Key: WFLY-489 > URL: https://issues.jboss.org/browse/WFLY-489 > Project: WildFly > Issue Type: Sub-task > Components: Naming, Remoting, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Authorization > Fix For: 9.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-534) Make realms fully manageable through domain.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-534?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-534. ----------------------------------- Fix Version/s: 9.0.0.Beta1 Resolution: Out of Date This whole area is being re-visited with Elytron. > Make realms fully manageable through domain. > -------------------------------------------- > > Key: WFLY-534 > URL: https://issues.jboss.org/browse/WFLY-534 > Project: WildFly > Issue Type: Feature Request > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Realm_Management, management_security,, management_sso > Fix For: 9.0.0.Beta1 > > > For the management interfaces we are making use of realms backed by CallbackHandlers for the authenticators / mechanisms. > This Jira is to look at making the contents of these realms manageable where possible e.g. : - > - Definition of users > - Modifications to users / password resets > - Role memberships -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-326) Logout a remote client from server and clearing login module cache.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-326?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-326. ----------------------------------- Fix Version/s: 9.0.0.Beta1 Resolution: Out of Date This whole area is being re-visited with Elytron. > Logout a remote client from server and clearing login module cache. > ------------------------------------------------------------------- > > Key: WFLY-326 > URL: https://issues.jboss.org/browse/WFLY-326 > Project: WildFly > Issue Type: Feature Request > Components: Remoting, Security, Server > Environment: java 1.6 > win 7 64 bit > 4 gb ram > Reporter: Serkan Yıldırım > Assignee: Darran Lofthouse > Labels: Remoting_Management, jboss-as7, login-module, logout, remoting, security > Fix For: 9.0.0.Beta1 > > > I have a custom login module. I authenticate and authorize a user (creating roles) by using this custom module. When i close the remote application, i want to logout the user from server so that clear login module cache, i.e deleting principals and roles from the cache. I couldn't find a solution for this problem in forum. If it exists, could you please explain it, thanks. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-486) Implement Trust for users requesting to run as a different user.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-486?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-486. ----------------------------------- Resolution: Out of Date This whole area is being re-visited with Elytron. > Implement Trust for users requesting to run as a different user. > ---------------------------------------------------------------- > > Key: WFLY-486 > URL: https://issues.jboss.org/browse/WFLY-486 > Project: WildFly > Issue Type: Sub-task > Components: Remoting, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: authentication_service > Fix For: 9.0.0.Beta1 > > > Where SASL is used for authentication users can request to authenticate as themselves but to be authorized to connect to the server as a different user. > A couple of examples where this could be used: - > - A user granting access to another user to log into their account. > - A user with two levels of access e.g. normal and admin and requesting they have admin level access. > Another area we are looking to use this feature is where one server connects to another server but want to be able to run requests on the remote server using the identity of a specified user. > This Jira issue is to enhance the security realms to allow for trust permissions to be defined - initially this will be local to a single realm but will subsequently be opened up to work across different realms. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-484) Re visit authentication tokens

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-484?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-484. ----------------------------------- Resolution: Out of Date This whole area is being re-visited with Elytron and other SSO initiatives. > Re visit authentication tokens > ------------------------------ > > Key: WFLY-484 > URL: https://issues.jboss.org/browse/WFLY-484 > Project: WildFly > Issue Type: Sub-task > Components: Domain Management > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Common_Authentication, management_security,, management_sso > Fix For: 9.0.0.Beta1 > > > We had previously considered authentication tokens for the realm secured interfaces, this issue is just to track re-considering them again. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-564) Update the pluggable user store SPI to allow for modifications to the store through domain operations

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-564?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-564. ----------------------------------- Fix Version/s: 9.0.0.Beta1 Resolution: Out of Date This whole area is being re-visited with Elytron. > Update the pluggable user store SPI to allow for modifications to the store through domain operations > ----------------------------------------------------------------------------------------------------- > > Key: WFLY-564 > URL: https://issues.jboss.org/browse/WFLY-564 > Project: WildFly > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Realm_Management, management_security,, management_sso > Fix For: 9.0.0.Beta1 > > > This should be something along the lines of 'If the user store implements interface X expose domain management ops to update the store' > This would be optional so either read only stores or fully manageable stores can be used with AS7 realms. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-566) Using pre-digested passwords, having all installations with the same realm could reduce the effectiveness

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-566?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-566. ----------------------------------- Resolution: Out of Date This whole area is being re-visited with Elytron. > Using pre-digested passwords, having all installations with the same realm could reduce the effectiveness > --------------------------------------------------------------------------------------------------------- > > Key: WFLY-566 > URL: https://issues.jboss.org/browse/WFLY-566 > Project: WildFly > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: Realm_Management, management_security, > Fix For: 9.0.0.Beta1 > > > Can we generate a name of first boot? Possibly even separate the internal name use to link from the realm to the name presented to the end users? -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-464) Domain Management - Add support for database authentication.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-464?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-464. ----------------------------------- Resolution: Out of Date This whole area is being re-visited with Elytron. > Domain Management - Add support for database authentication. > ------------------------------------------------------------ > > Key: WFLY-464 > URL: https://issues.jboss.org/browse/WFLY-464 > Project: WildFly > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > > It should be possible to define a database authentication element for authentication of incoming connections against a database. > Ideally the password should be obtainable from the database to allow us to use DIGEST authentication but if not a fallback to verify the password should be supported. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-1217) Pass through Digest authentication against LDAP

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1217?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-1217: ----------------------------------- Assignee: (was: Darran Lofthouse) > Pass through Digest authentication against LDAP > ----------------------------------------------- > > Key: WFLY-1217 > URL: https://issues.jboss.org/browse/WFLY-1217 > Project: WildFly > Issue Type: Feature Request > Components: Domain Management, Security > Reporter: Darran Lofthouse > Labels: Common_Authentication > Fix For: Awaiting Volunteers > > > It is possible for a client to authenticate against an LDAP server using Digest authentication. > This task is to make use of this with both our SASL mechanism and HTTP authenticator to provide a pass through check. > We need AS7-3691 first and then this needs to be implemented in a way that can consistently be used for both SASL and HTTP Digest. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

10 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira September 2014