October 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-658) OAuth2 Resource Owner Password Credentials Callback

by Pedro Igor (JIRA)

Pedro Igor created ELY-658: ------------------------------ Summary: OAuth2 Resource Owner Password Credentials Callback Key: ELY-658 URL: https://issues.jboss.org/browse/ELY-658 Project: WildFly Elytron Issue Type: Feature Request Components: Callbacks Affects Versions: 1.1.0.Beta10 Reporter: Pedro Igor Assignee: Pedro Igor We must be able to allow OAuth2 SASL clients to obtain tokens on behalf of an user using the Resource Owner Password Credentials Grant Type [1]. To do that we should provide a {{Callback}} that could be used to handle all the necessary logic related with grant type. This should also allow Elytron to support other grant types defined by OAuth2 in the future. Configuration wise, we must be able to obtain the necessary configuration to integrate with an OAuth2/OpenID Connect identity provider. Where this configuration should be purely based on standard options such as those specified by OpenID Connect Discovery [2]. In fact, maybe we should change our current OAuth2 SASL Client and Servers to refer to OpenID Connect instead. As we are basically addressing authentication and that is what OpenID Connect really provides, differently than OAuth2 that is basically a authorization and delegation protocol. [1] https://tools.ietf.org/html/rfc6749#page-9 [2] https://openid.net/specs/openid-connect-discovery-1_0.html -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-627) Elytron introduces SSL/TLS protocol constraints

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-627?page=com.atlassian.jira.plugin.sy... ] Jan Kalina commented on ELY-627: -------------------------------- IBM values: we dont need to support SSL_TLS + SSL_TLSv2, as it is only shortcut to select more protocols which we already support. I will add the mapping from standard text names (like "TLSv1.2") to enum values. > Elytron introduces SSL/TLS protocol constraints > ----------------------------------------------- > > Key: ELY-627 > URL: https://issues.jboss.org/browse/ELY-627 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.1.0.Beta8 > Reporter: Martin Choma > Assignee: Jan Kalina > Priority: Blocker > > {noformat} > "protocols" => { > "type" => LIST, > "description" => "The enabled protocols.", > "expressions-allowed" => true, > "nillable" => false, > "allowed" => [ > "SSLv2", > "SSLv3", > "TLSv1", > "TLSv1_1", > "TLSv1_2", > "TLSv1_3" > ], > "value-type" => STRING, > "access-type" => "read-write", > "storage" => "configuration", > "restart-required" => "resource-services" > }, > {noformat} > Why elytron on this place is going to validate user input and map standard java values [1] into proprietary values? > Whereas on other similar places (KeyManager algorithm, TrustManager algorithm, Keystore types) it leaves up to user to set proper value. > IMO, with such mapping another place, where bugs can raise was introduced. EAP will be here always one step back compared to java. > Note, IBM java already today defines little bit different protocols set [2] > I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I couldn't find that place. > [1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardN... > [2] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.secu... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7193) No log messages comming from Elytron - ssl context creation

by Peter Skopek (JIRA)

[ https://issues.jboss.org/browse/WFLY-7193?page=com.atlassian.jira.plugin.... ] Peter Skopek commented on WFLY-7193: ------------------------------------ PR: https://github.com/wildfly-security/wildfly-elytron/pull/502 has been merged > No log messages comming from Elytron - ssl context creation > ----------------------------------------------------------- > > Key: WFLY-7193 > URL: https://issues.jboss.org/browse/WFLY-7193 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Martin Choma > Assignee: Jan Kalina > > Elytron is missing any log messages related to ssl context creation. These log messages should be added. See JBEAP-6041 for more details. > Seems to me it would be useful for troubleshooting to have logged on > TRACE level: > - Keystore initialization with parameters > - Filtering keystore initialization with parameters > - KeyManager / TrustManager initialization with parameters > - Client / Server SSLContext initialization with parameters > WARN level: > - Certificate expired (on key store init, all certificates) -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1859) Investigate and fix JDK9 modular params propagation to forked processes

by Richard Opalka (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1859?page=com.atlassian.jira.plugi... ] Richard Opalka reassigned WFCORE-1859: -------------------------------------- Assignee: Richard Opalka > Investigate and fix JDK9 modular params propagation to forked processes > ----------------------------------------------------------------------- > > Key: WFCORE-1859 > URL: https://issues.jboss.org/browse/WFCORE-1859 > Project: WildFly Core > Issue Type: Sub-task > Components: Server, Test Suite > Reporter: Richard Opalka > Assignee: Richard Opalka > Priority: Blocker > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7278) Unable to add trust-manager with ldap-key-store (classloading)

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-7278?page=com.atlassian.jira.plugin.... ] Jan Kalina commented on WFLY-7278: ---------------------------------- Also would be better to not require to have a LDAP server online to create the resource - LDAP should be contacted when required - this behavior would solve this issue too probably. > Unable to add trust-manager with ldap-key-store (classloading) > -------------------------------------------------------------- > > Key: WFLY-7278 > URL: https://issues.jboss.org/browse/WFLY-7278 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Jan Kalina > Assignee: Jan Kalina > > When *ldap-key-store* is used in *trust-manager*, trust-manager creation fails: > {code:java} > Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "org.wildfly.extension.elytron:main" from local module loader @77a57272 (finder: local module finder @7181ae3f (roots: /home/jkalina/wildfly/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/modules,/home/jkalina/wildfly/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/modules/system/layers/base)) [Root exception is java.lang.ClassNotFoundException: com.sun.jndi.ldap.LdapCtxFactory from [Module "org.wildfly.extension.elytron:main" from local module loader @77a57272 (finder: local module finder @7181ae3f (roots: /home/jkalina/wildfly/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/modules,/home/jkalina/wildfly/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/modules/system/layers/base))]] > at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:118) > at org.jboss.as.naming.InitialContext.init(InitialContext.java:99) > at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) > at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89) > at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43) > at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) > at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) > at javax.naming.InitialContext.init(InitialContext.java:244) > at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) > at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:286) > at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:222) > at org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:148) > at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:120) > ... 16 more > java.lang.ClassNotFoundException: com.sun.jndi.ldap.LdapCtxFactory from [Module "org.wildfly.extension.elytron:main" from local module loader @77a57272 (finder: local module finder @7181ae3f (roots: /home/jkalina/wildfly/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/modules,/home/jkalina/wildfly/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/modules/system/layers/base))] > at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:199) > at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:364) > at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:352) > at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:94) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:348) > at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:113) > ... 28 more > {code} > Direct key-store aliases listing using works ok: > {code:java} > /subsystem=elytron/ldap-key-store=LKS1/:read-children-names(child-type=alias) > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-657) Wrong error message in OAuth2Client

by David Lloyd (JIRA)

David Lloyd created ELY-657: ------------------------------- Summary: Wrong error message in OAuth2Client Key: ELY-657 URL: https://issues.jboss.org/browse/ELY-657 Project: WildFly Elytron Issue Type: Enhancement Components: Authentication Mechanisms Reporter: David Lloyd Priority: Minor In OAuth2Client, if the bearer token callback is unsupported, an {{mechCallbackHandlerDoesNotSupportUserName}} is generated. There should be an error that is more specific to the token callback. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1859) Investigate and fix JDK9 modular params propagation to forked processes

by Richard Opalka (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1859?page=com.atlassian.jira.plugi... ] Richard Opalka commented on WFCORE-1859: ---------------------------------------- On JDK 9 it is necessary (at least for now) to run WildFly's DomainController, HostController and ServerInstance with some modular options present on command line to make them work. It is not clear if JDK 9 modular params should be copied from DomainController to HostController and further from HostController to ServerInstance or these options should be configured separately and different way. Anyway this issue will be addressed in near future. For now I'm sending temporary solution to make WildFly-Core at least work on JDK9 so we can track the regressions as JDK9 EAs are released. > Investigate and fix JDK9 modular params propagation to forked processes > ----------------------------------------------------------------------- > > Key: WFCORE-1859 > URL: https://issues.jboss.org/browse/WFCORE-1859 > Project: WildFly Core > Issue Type: Sub-task > Components: Server, Test Suite > Reporter: Richard Opalka > Priority: Blocker > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7293) Wildfly eats the CPU up to 100% and does not respond

by Stuart Douglas (JIRA)

Stuart Douglas created WFLY-7293: ------------------------------------ Summary: Wildfly eats the CPU up to 100% and does not respond Key: WFLY-7293 URL: https://issues.jboss.org/browse/WFLY-7293 Project: WildFly Issue Type: Bug Affects Versions: 10.1.0.Final Environment: Ubuntu 14.04, Linux 3.19, Oracle Java 8u91 64-bit Reporter: Krisztian Kocsis Assignee: Stuart Douglas Hi! I have a JAX-RS application and after a lot of load, one thread eats up the CPU (100% usage) even when the load test app is terminated, and never drops down until I restart the app server. It causes me a lot of headeches because it totally makes the app server unusable until I restart, but the users unable to use the app in the meanwhile. I'v attached the stack trace but I unfortunately don't see anything according to my knowledge. Please help me, I can provide more information if necessary. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7275) Wildfly eats the CPU up to 100% and does not respond

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-7275?page=com.atlassian.jira.plugin.... ] Stuart Douglas commented on WFLY-7275: -------------------------------------- I have submitted an XNIO pull request that should fix this. I think the problem is caused by the use of CONNECTION_HIGH_WATER to control the max number of connections. > Wildfly eats the CPU up to 100% and does not respond > ---------------------------------------------------- > > Key: WFLY-7275 > URL: https://issues.jboss.org/browse/WFLY-7275 > Project: WildFly > Issue Type: Bug > Affects Versions: 10.1.0.Final > Environment: Ubuntu 14.04, Linux 3.19, Oracle Java 8u91 64-bit > Reporter: Krisztian Kocsis > Assignee: Stuart Douglas > Attachments: Screen Shot 2016-10-07 at 20.18.27.png, Screen Shot 2016-10-07 at 20.18.31.png, wildfly-after-hang+1min.txt, wildfly-after-hang.txt, wildfly-hang-real-stacktrace.txt, wildfly-hang.txt > > > Hi! > > I have a JAX-RS application and after a lot of load, one thread eats up the CPU (100% usage) even when the load test app is terminated, and never drops down until I restart the app server. > It causes me a lot of headeches because it totally makes the app server unusable until I restart, but the users unable to use the app in the meanwhile. > > I'v attached the stack trace but I unfortunately don't see anything according to my knowledge. > Please help me, I can provide more information if necessary. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7275) Wildfly eats the CPU up to 100% and does not respond

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-7275?page=com.atlassian.jira.plugin.... ] Stuart Douglas reassigned WFLY-7275: ------------------------------------ Assignee: Stuart Douglas (was: Jason Greene) > Wildfly eats the CPU up to 100% and does not respond > ---------------------------------------------------- > > Key: WFLY-7275 > URL: https://issues.jboss.org/browse/WFLY-7275 > Project: WildFly > Issue Type: Bug > Affects Versions: 10.1.0.Final > Environment: Ubuntu 14.04, Linux 3.19, Oracle Java 8u91 64-bit > Reporter: Krisztian Kocsis > Assignee: Stuart Douglas > Attachments: Screen Shot 2016-10-07 at 20.18.27.png, Screen Shot 2016-10-07 at 20.18.31.png, wildfly-after-hang+1min.txt, wildfly-after-hang.txt, wildfly-hang-real-stacktrace.txt, wildfly-hang.txt > > > Hi! > > I have a JAX-RS application and after a lot of load, one thread eats up the CPU (100% usage) even when the load test app is terminated, and never drops down until I restart the app server. > It causes me a lot of headeches because it totally makes the app server unusable until I restart, but the users unable to use the app in the meanwhile. > > I'v attached the stack trace but I unfortunately don't see anything according to my knowledge. > Please help me, I can provide more information if necessary. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2016