November 2015 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-303) Verify compatibility with RFC7617 "The 'Basic' HTTP Authentication Scheme"

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-303?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-303: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Verify compatibility with RFC7617 "The 'Basic' HTTP Authentication Scheme" > -------------------------------------------------------------------------- > > Key: ELY-303 > URL: https://issues.jboss.org/browse/ELY-303 > Project: WildFly Elytron > Issue Type: Task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > > This RFC has now reached the stage of being a proposed standard. > https://www.rfc-editor.org/info/rfc7617 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-290) Ensure a sensible default timeout on the LDAP connections

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-290?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-290: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Ensure a sensible default timeout on the LDAP connections > --------------------------------------------------------- > > Key: ELY-290 > URL: https://issues.jboss.org/browse/ELY-290 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Realms > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > > By long enough I mean long enough to cope with network performance issues but short enough to prevent permanent hangs. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-286) HTTP Digest Authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-286?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-286: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > HTTP Digest Authentication > -------------------------- > > Key: ELY-286 > URL: https://issues.jboss.org/browse/ELY-286 > Project: WildFly Elytron > Issue Type: Sub-task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > > Original Digest RFC [https://tools.ietf.org/html/rfc2069] > Current Digest RFC [https://tools.ietf.org/html/rfc2617] > HTTP 1.1 Authentication (Updates RFC2617) [https://tools.ietf.org/html/rfc7235] > Draft currently under discussion - [https://datatracker.ietf.org/doc/draft-ietf-httpauth-digest/] > RFC7616 Now Proposed Standard > "HTTP Digest Access Authentication", September 2015 > [https://www.rfc-editor.org/info/rfc7616] -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-274) Add handling for ExtendedChoiceCallback to AuthenticationConfiguration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-274?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-274: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Add handling for ExtendedChoiceCallback to AuthenticationConfiguration > ---------------------------------------------------------------------- > > Key: ELY-274 > URL: https://issues.jboss.org/browse/ELY-274 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Callbacks > Reporter: Kabir Khan > Assignee: Kabir Khan > Fix For: 1.1.0.Beta3 > > > Needed for things like OTP -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-273) Expose RealmIdentity.getAttributes()

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-273?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-273: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Expose RealmIdentity.getAttributes() > ------------------------------------ > > Key: ELY-273 > URL: https://issues.jboss.org/browse/ELY-273 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Realms > Reporter: Kabir Khan > Assignee: Kabir Khan > Fix For: 1.1.0.Beta3 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-272) When loading a RealmIdentity with no attributes, make sure we get an empty modifiable AttributesImpl

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-272?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-272: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > When loading a RealmIdentity with no attributes, make sure we get an empty modifiable AttributesImpl > ---------------------------------------------------------------------------------------------------- > > Key: ELY-272 > URL: https://issues.jboss.org/browse/ELY-272 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Realms > Reporter: Kabir Khan > Assignee: Kabir Khan > Fix For: 1.1.0.Beta3 > > > Currently only FileSystemRealm is modifiable -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-268) Review how mechanisms meet HttpAuthenticator

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-268?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-268: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Review how mechanisms meet HttpAuthenticator > -------------------------------------------- > > Key: ELY-268 > URL: https://issues.jboss.org/browse/ELY-268 > Project: WildFly Elytron > Issue Type: Sub-task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > > The current implementation is using a Supplier<List<HttpServerAuthenticationMechanism>> when get is called on this Supplier a ServerAuthenticationContext needs to be created, then all possible mechanisms need to be queried before the list of mechanisms is created. > The HTTP Authenticator is created per request. API may be fine but we may need an easier way to provide all the mechanisms. > Will look at that one later once hot deployment is also considered fully. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-263) Revisit ServerAuthenticationContext.querySaslServerMechanismNames

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-263?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-263: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Revisit ServerAuthenticationContext.querySaslServerMechanismNames > ----------------------------------------------------------------- > > Key: ELY-263 > URL: https://issues.jboss.org/browse/ELY-263 > Project: WildFly Elytron > Issue Type: Task > Components: API / SPI > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > > Does this method still have a use? > If so we probably need to adjust all filtering factory implements to support the query all flag. > Also if it does HTTP may need the same treatment. > If not maybe we remove the whole method. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-262) The equivalent of wrap and unwrap for HTTP authentication mechanisms

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-262?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-262: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > The equivalent of wrap and unwrap for HTTP authentication mechanisms > -------------------------------------------------------------------- > > Key: ELY-262 > URL: https://issues.jboss.org/browse/ELY-262 > Project: WildFly Elytron > Issue Type: Sub-task > Components: HTTP > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-252) Take into account username after failed authentication for available mechs

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-252?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-252: --------------------------------- Fix Version/s: 1.1.0.Beta3 (was: 1.1.0.Beta2) > Take into account username after failed authentication for available mechs > -------------------------------------------------------------------------- > > Key: ELY-252 > URL: https://issues.jboss.org/browse/ELY-252 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta3 > > > This is something we would need to be cautious about as it does risk revealing information to an attacker but after a files attempt we may have more information and be able to offer mechanisms based on this. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira November 2015