October 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-1600) Update the legacy security realms to add factory methods to obtain SaslAuthenticationFactory and HttpAuthenticationFactory instances.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1600?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1600: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Update the legacy security realms to add factory methods to obtain SaslAuthenticationFactory and HttpAuthenticationFactory instances. > ------------------------------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-1600 > URL: https://issues.jboss.org/browse/WFCORE-1600 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha12 > > > These are for use when security realms are directly referenced, although Elytron types these should not be advertised as capabilities as these are for specific backwards compatibility requirements and not to increase their use as Elytron capabilities. -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1533) Integrate Management Access Control permission assignment with Elytron

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1533?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1533: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Integrate Management Access Control permission assignment with Elytron > ---------------------------------------------------------------------- > > Key: WFCORE-1533 > URL: https://issues.jboss.org/browse/WFCORE-1533 > Project: WildFly Core > Issue Type: Feature Request > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Labels: affects_elytron > Fix For: 3.0.0.Alpha12 > > > A big portion of management role based access control is taking the assigned roles and then mapping these to the permissions for that role. > Elytron provides a new PermissionMapper interface that takes a SecurityIdentity and the roles mapped for that identity and returns a PermissionVerifier which can be as simple as a wrapper around a PermissionCollection. > This will also be a good opportunity to start to move the role mapping out of the core management model to Elytron. > After that Elytron allows for custom PermissionMapper implementations to be provided and associated with the domain using capabilities and requirements so we arrive at a point where provided the permission checks performed by management are generic enough custom PermissionMapper / PermissionVerifier implementations can be added that may or may not be role based. > _Note: As with everything we are doing old and new need to be supported in parallel for a while although this may be achieved by providing default Elytron implementations that are wrappers around the old._ -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1438) Elytron integration with logging subsystem

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1438?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1438: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Elytron integration with logging subsystem > ------------------------------------------ > > Key: WFCORE-1438 > URL: https://issues.jboss.org/browse/WFCORE-1438 > Project: WildFly Core > Issue Type: Feature Request > Components: Logging > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha12 > > > This is primarily an investigation task to start with, Logging can use syslog, Syslog access can be protected with TLS, Elytron is providing unified SSL configuration - do we need to bring these together. -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1598) Conversion of Elytron SecurityIdentity to Subject for communication with older hosts.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1598?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1598: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Conversion of Elytron SecurityIdentity to Subject for communication with older hosts. > ------------------------------------------------------------------------------------- > > Key: WFCORE-1598 > URL: https://issues.jboss.org/browse/WFCORE-1598 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha12 > > > In the domain hierarchy clients trust the server they communicate with so this server currently sends a serialized representation of the Subject containing information about the user initiating the request. > For Elytron we will use the new identity propagation features however for older slaves we will need to convert to a Subject representation. -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1691) Upgrade to Remoting JMX 3.0.0.Alpha1

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1691?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1691: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Upgrade to Remoting JMX 3.0.0.Alpha1 > ------------------------------------ > > Key: WFCORE-1691 > URL: https://issues.jboss.org/browse/WFCORE-1691 > Project: WildFly Core > Issue Type: Component Upgrade > Components: JMX > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha12 > > -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1891) Split WildFly Elytron into two modules with a public / private split.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1891?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1891: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Split WildFly Elytron into two modules with a public / private split. > --------------------------------------------------------------------- > > Key: WFCORE-1891 > URL: https://issues.jboss.org/browse/WFCORE-1891 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Alpha12 > > > The Elytron jar will be contained within a private module, possibly 'elytron-private' then a module 'elytron' will depend on this and make the public packages visible. > The following packages have been identified as being private: - > org.wildfly.security._private > org.wildfly.security.asn1 > org.wildfly.security.auth.realm > org.wildfly.security.auth.realm.* > org.wildfly.security.authz.jacc > org.wildfly.security.credential.store.impl > org.wildfly.security.security.digest > org.wildfly.security.http.impl > org.wildfly.security.security.keystore > org.wildfly.security.mechanism.oauth2 > org.wildfly.security.mechanism.scram > org.wildfly.security.password.impl > org.wildfly.security.password.util > org.wildfly.security.pem > org.wildfly.security.sasl > org.wildfly.security.sasl.* (Except util) > org.wildfly.security.util > org.wildfly.security.util_private > org.wildfly.security.x500 > org.wildfly.security.x500.cert -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1884) Introduce discovery subsystem

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1884?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1884: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Introduce discovery subsystem > ----------------------------- > > Key: WFCORE-1884 > URL: https://issues.jboss.org/browse/WFCORE-1884 > Project: WildFly Core > Issue Type: Enhancement > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 3.0.0.Alpha12 > > > Introduce discovery subsystem to be used by any other subsystem which can utilize discovery. -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1822) Address thread safety of CredentialReference

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1822?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1822: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Address thread safety of CredentialReference > -------------------------------------------- > > Key: WFCORE-1822 > URL: https://issues.jboss.org/browse/WFCORE-1822 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Peter Skopek > Fix For: 3.0.0.Alpha12 > > > Following on from the comments in this pull requests some minor follow up is required regarding thread safety of CredentialReference: - > https://github.com/wildfly/wildfly-core/pull/1816 -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1701) In-VM Identity Representation

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1701?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1701: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > In-VM Identity Representation > ----------------------------- > > Key: WFCORE-1701 > URL: https://issues.jboss.org/browse/WFCORE-1701 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha12 > > > If Elytron has no current SecurityIdentity then an anonymous identity is used. The issue however is that this anonymous identity could be because the current user does not have access to be inflowed to the SecurityDomain being used for management or it could be because it is an in-vm call and no identity is established. > We need a solution to safely represent an in-vm call and differentiate it from a user with no appropriate identity, -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1802) Integrate OpenSSL Provider registration with Elytron

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1802?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1802: ------------------------------------- Fix Version/s: 3.0.0.Alpha12 (was: 3.0.0.Alpha11) > Integrate OpenSSL Provider registration with Elytron > ---------------------------------------------------- > > Key: WFCORE-1802 > URL: https://issues.jboss.org/browse/WFCORE-1802 > Project: WildFly Core > Issue Type: Task > Reporter: Stuart Douglas > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha12 > > > We need to remove the following block from SecurityRealmResourceDefinition: - > {code} > static { > //register the Openssl Provider, if possible > //not really sure if this is the best place for it > try { > OpenSSLProvider.register(); > DomainManagementLogger.ROOT_LOGGER.registeredOpenSSLProvider(); > } catch (Throwable t){ > DomainManagementLogger.ROOT_LOGGER.debugf(t, "Failed to register OpenSSL provider"); > } > } > {code} > Registration will then be possible within the Elytron subsystem configuration. -- This message was sent by Atlassian JIRA (v7.2.2#72004)

9 years, 6 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2016