[JBoss JIRA] (WFCORE-372) Cache role mapping results for the span of the overall operation
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-372?page=com.atlassian.jira.plugin... ]
Darran Lofthouse updated WFCORE-372:
------------------------------------
Fix Version/s: 2.0.0.Alpha1
(was: 1.0.0.CR1)
> Cache role mapping results for the span of the overall operation
> ----------------------------------------------------------------
>
> Key: WFCORE-372
> URL: https://issues.jboss.org/browse/WFCORE-372
> Project: WildFly Core
> Issue Type: Sub-task
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Darran Lofthouse
> Labels: access_control, management_security,
> Fix For: 2.0.0.Alpha1
>
>
> Look into caching role mapping results for the duration of an overall operation. This would be an impl detail of the RoleMapper. With our standard mappers, the mapping results should not be changing in the middle of an operation, so I believe they should be cacheable.
> Likely place to cache them is as an attachment in a context object that will be passed in to the Authorizer. It would have to be passed in to the RoleMapper as well.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
11 years, 3 months
[JBoss JIRA] (WFCORE-301) Configuration of individual contexts for http management interface.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-301?page=com.atlassian.jira.plugin... ]
Darran Lofthouse updated WFCORE-301:
------------------------------------
Fix Version/s: 2.0.0.Alpha1
(was: 1.0.0.CR1)
> Configuration of individual contexts for http management interface.
> -------------------------------------------------------------------
>
> Key: WFCORE-301
> URL: https://issues.jboss.org/browse/WFCORE-301
> Project: WildFly Core
> Issue Type: Sub-task
> Components: Domain Management
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 2.0.0.Alpha1
>
>
> At the moment all management requests are handled over the '/management' context, we also have a '/console' context to serve up the files for the admin console.
> The '/management' context is secured using standard HTTP mechanisms, this decision was taken so that clients could be written in different languages and all they would need to know is how to use standard authentication mechanisms. Due to problems where web browsers could run malicious scripts cross origin resource sharing is completely disabled for this context.
> We need to start to open up the handling of cross origin requests for a couple of reasons: -
> - Enabling Keycloak SSO support.
> - Alternative console distribution options
> The '/management' context is going to be retained as-is for legacy clients, possibly even switched off by default.
> A new context can then be added using non-browser based authentication, this could be SSO Keycloak or could be a form of Digest authentication where the response is handled by the console and not the web browser - either way as the browser is bypassed it is no longer at risk of sending malicious cross origin requests.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
11 years, 3 months
[JBoss JIRA] (WFCORE-308) Switch default of skip-group-loading to 'true' for local auth.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-308?page=com.atlassian.jira.plugin... ]
Darran Lofthouse updated WFCORE-308:
------------------------------------
Fix Version/s: 2.0.0.Alpha1
(was: 1.0.0.CR1)
> Switch default of skip-group-loading to 'true' for local auth.
> --------------------------------------------------------------
>
> Key: WFCORE-308
> URL: https://issues.jboss.org/browse/WFCORE-308
> Project: WildFly Core
> Issue Type: Task
> Components: Domain Management
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 2.0.0.Alpha1
>
>
> The new attribute skip-group-loading was added to the local authentication definition by WFLY-3048 this needed to have a default of false for backwards compatibility purposes however in reality most would probably assume a default of true.
> For WildFly 9 switch the default to true. This change in default should probably only occur if the schema version is 3 or above.
> A transformer should not be required as this is not configuration that is propagated around a domain.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
11 years, 3 months
[JBoss JIRA] (WFCORE-60) Capabilities and requirements in a managed process
by Stuart Douglas (JIRA)
[ https://issues.jboss.org/browse/WFCORE-60?page=com.atlassian.jira.plugin.... ]
Stuart Douglas updated WFCORE-60:
---------------------------------
Fix Version/s: 1.0.0.CR1
(was: 1.0.0.Beta1)
> Capabilities and requirements in a managed process
> --------------------------------------------------
>
> Key: WFCORE-60
> URL: https://issues.jboss.org/browse/WFCORE-60
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Fix For: 1.0.0.CR1
>
>
> Implement the aspects discussed under the "Runtime" section of https://community.jboss.org/docs/DOC-52712
> Add an API to the OperationContext for handlers to publish capabilities and for other handlers to register a requirement for those capabilities and to access the API object associated with the capability.
> The registry of capabilities and requirements should be maintained with a semantic equivalent to the resource tree. The registry is copied-on-write, making the copy invisible to concurrently executing operations, and then the copy is published on commit of the operation that modified it. If the operation does not commit, the copy is discarded, so handlers have no need to revert changes they make to the registry.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
11 years, 3 months