[JBoss JIRA] (WFLY-7700) Elytron DIGEST misconfiguration not handled
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7700?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-7700:
-------------------------------
Labels: user_experience (was: )
> Elytron DIGEST misconfiguration not handled
> -------------------------------------------
>
> Key: WFLY-7700
> URL: https://issues.jboss.org/browse/WFLY-7700
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Priority: Critical
> Labels: user_experience
>
> When the realm name in web.xml and the one in the server configuration differ, the user is not informed about that fact.
> Could the misconfiguration be handled by failing during application deployment, as the application's requirement could not be satisfied?
> {code:title=web.xml}
> <login-config>
> <auth-method>DIGEST</auth-method>
> <realm-name>Secured kingdom</realm-name>
> </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
> <mechanism-configuration>
> <mechanism mechanism-name="DIGEST">
> <mechanism-realm realm-name="ApplicationRealm"/>
> </mechanism>
> </mechanism-configuration>
> </http-authentication-factory>
> {code}
> {code:title=server.log}
> 17:06:18,278 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback
> 17:06:18,282 TRACE [org.wildfly.security] (default task-1) New nonce generated AAAAAQAAGoxim7G7FMLLnVddA7s69JDh5sRsiZ5aEDhg7qf+dB2Rjs7xwrg=, using seed Secured kingdom
> 17:06:22,308 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback
> 17:06:22,311 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling RealmCallback: selected = [Secured kingdom]
> 17:06:22,314 TRACE [org.wildfly.security] (default task-2) New nonce generated AAAAAgAAGo1TCzTJDpmA8HsI2fS4ZfJ60KbECZU6edCP9UepmGnyV93iP6c=, using seed Secured kingdom
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 5 months
[JBoss JIRA] (WFLY-7700) Elytron DIGEST misconfiguration not handled
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7700?page=com.atlassian.jira.plugin.... ]
Martin Choma moved JBEAP-7570 to WFLY-7700:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-7700 (was: JBEAP-7570)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
(was: User Experience)
[JBoss JIRA] (WFLY-7699) Operation count-messages on queue in domain should not be available for profile
by Jeff Mesnil (JIRA)
[ https://issues.jboss.org/browse/WFLY-7699?page=com.atlassian.jira.plugin.... ]
Jeff Mesnil moved JBEAP-7568 to WFLY-7699:
------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-7699 (was: JBEAP-7568)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: JMS
(was: JMS)
Affects Version/s: 10.1.0.Final
(was: 7.0.0.GA)
> Operation count-messages on queue in domain should not be available for profile
> -------------------------------------------------------------------------------
>
> Key: WFLY-7699
> URL: https://issues.jboss.org/browse/WFLY-7699
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 10.1.0.Final
> Reporter: Jeff Mesnil
> Assignee: Jeff Mesnil
>
> Operation {{:count-messages}} should not be available in profile - for example:
> {code}
> [domain@localhost:9990 /] /profile=full-ha/subsystem=messaging-activemq/server=default/jms-queue=DLQ:count-messages()
> {code}
[JBoss JIRA] (WFLY-7698) Elytron auth method misconfiguration not logged
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7698?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-7698:
-------------------------------
Priority: Critical (was: Major)
> Elytron auth method misconfiguration not logged
> -----------------------------------------------
>
> Key: WFLY-7698
> URL: https://issues.jboss.org/browse/WFLY-7698
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Priority: Critical
> Labels: user_experience
>
> When a deployment is configured to be secured with DIGEST, but {{http-authentication-factory}} does not list the DIGEST mechanism, the user is not informed about the misconfiguration, even when TRACE logging is turned on. When the user tries to access the app, HTTP code 403 is returned and Forbidden is shown in the browser. I would expect a browser dialog to appear to allow the user to provide credentials (HTTP status code 401).
> {code:title=web.xml}
> <login-config>
> <auth-method>DIGEST</auth-method>
> <realm-name>ApplicaitonRealm</realm-name>
> </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
> <mechanism-configuration>
> <mechanism mechanism-name="BASIC">
> <mechanism-realm realm-name="Application Realm"/>
> </mechanism>
> <mechanism mechanism-name="FORM"/>
> </mechanism-configuration>
> </http-authentication-factory>
> {code}
> This applies globally to all authentication mechanisms, not only DIGEST.
> Could Elytron handle the misconfiguration:
> * either fail while deploying the application, as the deployment requirement can't be satisfied,
> * or provide reasonable Elytron defaults for the missing mechanism configuration.
[JBoss JIRA] (WFLY-7698) Elytron auth method misconfiguration not logged
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7698?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-7698:
-------------------------------
Description:
When a deployment is configured to be secured with DIGEST, but {{http-authentication-factory}} does not list the DIGEST mechanism, the user is not informed about the misconfiguration, even when TRACE logging is turned on. When the user tries to access the app, HTTP code 403 is returned and Forbidden is shown in the browser. I would expect a browser dialog to appear to allow the user to provide credentials (HTTP status code 401).
{code:title=web.xml}
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>ApplicaitonRealm</realm-name>
</login-config>
{code}
{code:title=standalone-elytron.xml}
<http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="BASIC">
<mechanism-realm realm-name="Application Realm"/>
</mechanism>
<mechanism mechanism-name="FORM"/>
</mechanism-configuration>
</http-authentication-factory>
{code}
This applies globally to all authentication mechanisms, not only DIGEST.
Could Elytron handle the misconfiguration:
* either fail while deploying the application, as the deployment requirement can't be satisfied,
* or provide reasonable Elytron defaults for the missing mechanism configuration.
was:
When a deployment is configured to be secured with DIGEST, but {{http-authentication-factory}} does not list the DIGEST mechanism, the user is not informed about the misconfiguration, even when TRACE logging is turned on. When the user tries to access the app, HTTP code 403 is returned and Forbidden is shown in the browser. I would expect a browser dialog to appear to allow the user to provide credentials (HTTP status code 401).
{code:title=web.xml}
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>ApplicaitonRealm</realm-name>
</login-config>
{code}
{code:title=standalone-elytron.xml}
<http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="BASIC">
<mechanism-realm realm-name="Application Realm"/>
</mechanism>
<mechanism mechanism-name="FORM"/>
</mechanism-configuration>
</http-authentication-factory>
{code}
This applies globally to all authentication mechanisms, not only DIGEST.
Could the misconfiguration be logged:
* either while deploying the application,
* or during the authentication attempt.
> Elytron auth method misconfiguration not logged
> -----------------------------------------------
>
> Key: WFLY-7698
> URL: https://issues.jboss.org/browse/WFLY-7698
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Labels: user_experience
>
> When a deployment is configured to be secured with DIGEST, but {{http-authentication-factory}} does not list the DIGEST mechanism, the user is not informed about the misconfiguration, even when TRACE logging is turned on. When the user tries to access the app, HTTP code 403 is returned and Forbidden is shown in the browser. I would expect a browser dialog to appear to allow the user to provide credentials (HTTP status code 401).
> {code:title=web.xml}
> <login-config>
> <auth-method>DIGEST</auth-method>
> <realm-name>ApplicaitonRealm</realm-name>
> </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
> <mechanism-configuration>
> <mechanism mechanism-name="BASIC">
> <mechanism-realm realm-name="Application Realm"/>
> </mechanism>
> <mechanism mechanism-name="FORM"/>
> </mechanism-configuration>
> </http-authentication-factory>
> {code}
> This applies globally to all authentication mechanisms, not only DIGEST.
> Could Elytron handle the misconfiguration:
> * either fail while deploying the application, as the deployment requirement can't be satisfied,
> * or provide reasonable Elytron defaults for the missing mechanism configuration.
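Both WFLY-7698 and WFLY-7700 describe the same class of problem: the deployment's web.xml asks for something the Elytron http-authentication-factory does not provide, and nothing tells the operator. The script below is an added example, not WildFly or Elytron project code, of the pre-deployment cross-check the reports ask for: it parses the two fragments quoted in the issues (constructed inputs, copied from the reports; the namespaced <web-app> wrapper around the first one is added here) and reports a mechanism that web.xml requires but the factory does not list, or a realm-name that differs from the mechanism-realm. The function names (parse_login_config, parse_auth_factory, check_auth_config) are hypothetical and assume nothing about Elytron internals.

```python
"""Added example, not WildFly/Elytron code: cross-check a deployment's
web.xml <login-config> against the Elytron <http-authentication-factory>
that will serve it, flagging the silent misconfigurations from
WFLY-7698 (mechanism not listed) and WFLY-7700 (realm-name mismatch)."""
import xml.etree.ElementTree as ET

# Constructed inputs, copied from the issue reports. The namespaced
# <web-app> wrapper is added to show the parser copes with a real web.xml.
WEB_XML_7700 = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<login-config><auth-method>DIGEST</auth-method>
<realm-name>Secured kingdom</realm-name></login-config></web-app>"""

FACTORY_7700 = """<http-authentication-factory name="application-http-authentication"
 http-server-mechanism-factory="global" security-domain="ApplicationDomain">
<mechanism-configuration><mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ApplicationRealm"/></mechanism>
</mechanism-configuration></http-authentication-factory>"""

WEB_XML_7698 = """<login-config><auth-method>DIGEST</auth-method>
<realm-name>ApplicaitonRealm</realm-name></login-config>"""

FACTORY_7698 = """<http-authentication-factory name="application-http-authentication"
 http-server-mechanism-factory="global" security-domain="ApplicationDomain">
<mechanism-configuration><mechanism mechanism-name="BASIC">
<mechanism-realm realm-name="Application Realm"/></mechanism>
<mechanism mechanism-name="FORM"/>
</mechanism-configuration></http-authentication-factory>"""

# Constructed consistent pair: the web.xml realm equals the DIGEST mechanism-realm.
WEB_XML_OK = WEB_XML_7700.replace("Secured kingdom", "ApplicationRealm")


def _local(tag):
    """Strip a namespace prefix: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def _find(elem, name):
    """First element (self or descendant) with the given local name, or None."""
    return next((e for e in elem.iter() if _local(e.tag) == name), None)


def _text(elem):
    return elem.text.strip() if elem is not None and elem.text else None


def parse_login_config(web_xml):
    """Return {'auth_method': 'DIGEST', 'realm_name': ...} from web.xml text."""
    cfg = _find(ET.fromstring(web_xml), "login-config")
    if cfg is None:
        return {"auth_method": None, "realm_name": None}
    method = _text(_find(cfg, "auth-method"))
    return {"auth_method": method.upper() if method else None,
            "realm_name": _text(_find(cfg, "realm-name"))}


def parse_auth_factory(factory_xml):
    """Return {'name': factory name, 'mechanisms': {MECH: [realm-name, ...]}}."""
    factory = _find(ET.fromstring(factory_xml), "http-authentication-factory")
    if factory is None:
        raise ValueError("no <http-authentication-factory> element found")
    mechanisms = {}
    for mech in factory.iter():
        if _local(mech.tag) == "mechanism":
            realms = [r.get("realm-name") for r in mech.iter()
                      if _local(r.tag) == "mechanism-realm"]
            mechanisms[mech.get("mechanism-name", "").upper()] = realms
    return {"name": factory.get("name"), "mechanisms": mechanisms}


def check_auth_config(web_xml, factory_xml):
    """Return a list of findings; an empty list means the two files agree."""
    login, factory = parse_login_config(web_xml), parse_auth_factory(factory_xml)
    method = login["auth_method"]
    if method is None:
        return []  # no <login-config>: nothing to verify
    realms = factory["mechanisms"].get(method)
    if realms is None:  # WFLY-7698: mechanism missing -> 403 instead of a challenge
        listed = ", ".join(sorted(factory["mechanisms"])) or "none"
        return [f"web.xml requires auth-method {method} but http-authentication-factory "
                f"'{factory['name']}' only configures: {listed}"]
    realm = login["realm_name"]
    if realm is not None and realms and realm not in realms:  # WFLY-7700
        return [f"realm-name '{realm}' in web.xml does not match mechanism-realm "
                f"{realms} configured for {method} in '{factory['name']}'"]
    return []


if __name__ == "__main__":
    for label, web, factory in (("WFLY-7700", WEB_XML_7700, FACTORY_7700),
                                ("WFLY-7698", WEB_XML_7698, FACTORY_7698),
                                ("consistent", WEB_XML_OK, FACTORY_7700)):
        print(label, check_auth_config(web, factory) or "OK")
```

Run as a deployment gate (for example in the pipeline that produces the WAR and the server configuration), a non-empty result is the failure-at-deploy behaviour the reports request; the realm comparison only runs when the factory actually lists a mechanism-realm, since a mechanism such as FORM carries none.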