[JBoss JIRA] (WFLY-399) mod_cluster subsystem: convert operation handlers to use OperationDefinition
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-399?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-399:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> mod_cluster subsystem: convert operation handlers to use OperationDefinition
> ----------------------------------------------------------------------------
>
> Key: WFLY-399
> URL: https://issues.jboss.org/browse/WFLY-399
> Project: WildFly
> Issue Type: Sub-task
> Components: Clustering
> Affects Versions: 8.0.0.Final
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Fix For: 10.0.0.Alpha5
>
>
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/LoadMetricDefinition.java:[59,59] warning: [deprecation] PropertiesAttributeDefinition(java.lang.String,java.lang.String,boolean) in org.jboss.as.controller.PropertiesAttributeDefinition has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterConfigResourceDefinition.java:[277,29] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterConfigResourceDefinition.java:[280,29] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterConfigResourceDefinition.java:[283,29] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterConfigResourceDefinition.java:[286,29] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterSubsystemAdd.java:[160,19] warning: [deprecation] setProxyList(java.lang.String) in org.jboss.modcluster.config.impl.ModClusterConfig has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterSubsystemAdd.java:[166,15] warning: [deprecation] setExcludedContexts(java.lang.String) in org.jboss.modcluster.config.impl.ModClusterConfig has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[100,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[103,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[106,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[110,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[113,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[117,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[120,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean,java.util.EnumSet<org.jboss.as.controller.registry.OperationEntry.Flag>) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[124,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[127,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[130,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[134,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[137,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
> [WARNING] /home/rhusar/git/as-master-modcluster/modcluster/src/main/java/org/jboss/as/modcluster/ModClusterDefinition.java:[140,21] warning: [deprecation] registerOperationHandler(java.lang.String,org.jboss.as.controller.OperationStepHandler,org.jboss.as.controller.descriptions.DescriptionProvider,boolean) in org.jboss.as.controller.registry.ManagementResourceRegistration has been deprecated
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-442) Review of AccessController and PrivilegedAction use across AS7
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-442?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-442:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Review of AccessController and PrivilegedAction use across AS7
> --------------------------------------------------------------
>
> Key: WFLY-442
> URL: https://issues.jboss.org/browse/WFLY-442
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: investigation_required
> Fix For: 10.0.0.Alpha5
>
>
> The following needs reviewing across AS7: -
> - On demand instantiation of PrivilegedActions where singletons would suffice (Consider frequency of calls, gc may be preferable).
> - Use of AccessController even though there is no SecurityManager set.
> - Code duplication, in every case I have seen so far the code is the same regardless of if PRIVILEGED or NON_PRIVILEGED
> - Utility methods with visibility too high.
> - In depth review of the other methods, i.e. if the first thing a public method does is set the class loader based on a parameter passed in it could be used badly - it may even be a justification for that method to NOT use a PrivilegedAction.
> - Code that requires to be executed using a PrivilegedAction should also be double checked that it is not doing too much as the identity of the caller.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-431) Revisit enforcement of required file system permissions.
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-431?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-431:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Revisit enforcement of required file system permissions.
> --------------------------------------------------------
>
> Key: WFLY-431
> URL: https://issues.jboss.org/browse/WFLY-431
> Project: WildFly
> Issue Type: Task
> Components: Domain Management
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: management_security,
> Fix For: 10.0.0.Alpha5
>
>
> Now that AS8 has moved to Java 7 we can re-visit the level of control we have over file system permissions, this can be from taking more control of the local authentication mechanism to ensure incorrect permissions are not inherited to verifying sensitive configuration files are not world readable.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-466) Detect JBossWS Configuration for @PermitAll endpoints within Undertow subsystem.
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-466?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-466:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Detect JBossWS Configuration for @PermitAll endpoints within Undertow subsystem.
> --------------------------------------------------------------------------------
>
> Key: WFLY-466
> URL: https://issues.jboss.org/browse/WFLY-466
> Project: WildFly
> Issue Type: Task
> Components: Web (Undertow)
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 10.0.0.Alpha5
>
>
> UNDERTOW-38 has added the possibility of deploying web applications where authentication is mandated but no authorization checks are performed - this is required for integration use cases such as EJB endpoints where authorization checks are being left to the EJB container.
> This task is to update the Undertow susbsystem to detect this scenario and enable the new mode for UNDERTOW-38.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-447) Connection Reauthentication and Security Propagation
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-447?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-447:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Connection Reauthentication and Security Propagation
> ----------------------------------------------------
>
> Key: WFLY-447
> URL: https://issues.jboss.org/browse/WFLY-447
> Project: WildFly
> Issue Type: Task
> Components: EJB, Remoting, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: authentication_service
> Fix For: 10.0.0.Alpha5
>
>
> This task is a top level task to coordinate the addition of support for switching to different security identities on an existing connection over Remoting.
> This is to predominantly cover two major scenarios: -
> - Clients using a single connection but require different calls to be executed as different users, in this case the client has the information required to start a new authentication as a different user.
> - Server to server communication where the first server has already authenticated a remote user - for this scenario the first server needs a way to tell the second server what identity to run the call as.
> The following document is building up the requirements and design considerations and decisions: -
> https://community.jboss.org/wiki/ConnectionRe-AuthenticationAndSecurityPr...
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-483) Allow more control over authentication for server to server communication through remote-outbound-connection
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-483?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-483:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Allow more control over authentication for server to server communication through remote-outbound-connection
> ------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-483
> URL: https://issues.jboss.org/browse/WFLY-483
> Project: WildFly
> Issue Type: Sub-task
> Components: Remoting, Security
> Reporter: jaikiran pai
> Assignee: Darran Lofthouse
> Labels: authentication_service
> Fix For: 10.0.0.Alpha5
>
>
> Right now for server to server communication via a remote-outbound-connection, we expect a static username to be specified (along with the security realm). User applications which use this remote-outbound-connection, for example an EJB application, do not have much control over the user/pass information, since the username is static. This further acts a drawback since the username that's used to connect to the remote server will be used as the (application) user who invoked the EJB.
> It would be good to allow more control over the authentication for the remote-outbound-connection.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-487) Verify audit implications and required APIs
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-487?page=com.atlassian.jira.plugin.s... ]
Jason Greene updated WFLY-487:
------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Verify audit implications and required APIs
> -------------------------------------------
>
> Key: WFLY-487
> URL: https://issues.jboss.org/browse/WFLY-487
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: authentication_service
> Fix For: 10.0.0.Alpha5
>
>
> Auditing may be logging as the user that executes a request, if we have used a trust relationship for a request to be run as a different user we need to be able to track back to identify how the user for the request was selected.
> i.e. If userA runs something as userB and does something bad we must be able to track back that it was userA making the overall request without userB getting the blame.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months
[JBoss JIRA] (WFLY-1598) Out of the box SSL - or shortly after.
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-1598?page=com.atlassian.jira.plugin.... ]
Jason Greene updated WFLY-1598:
-------------------------------
Fix Version/s: 10.0.0.Alpha5
(was: 10.0.0.Alpha4)
> Out of the box SSL - or shortly after.
> --------------------------------------
>
> Key: WFLY-1598
> URL: https://issues.jboss.org/browse/WFLY-1598
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: management_security,, management_sso
> Fix For: 10.0.0.Alpha5
>
>
> There are various reasons that we do not support SSL/TLS out of the box e.g.
> - If we ship a default keystore then everyone has access to the private key.
> - Generating one on first boot we do not have sufficient information to generate it correctly, also the performance overhead.
> This issue is to explorer other options to encourage their use and make it easier to configure.
> As an example could the admin console detect a non encrypted connection and have an box that encourages the config along with a wizard like workflow to get it set up?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 11 months