February 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-268) Review how mechanisms meet HttpAuthenticator

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-268?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-268: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Review how mechanisms meet HttpAuthenticator > -------------------------------------------- > > Key: ELY-268 > URL: https://issues.jboss.org/browse/ELY-268 > Project: WildFly Elytron > Issue Type: Sub-task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > The current implementation is using a Supplier<List<HttpServerAuthenticationMechanism>> when get is called on this Supplier a ServerAuthenticationContext needs to be created, then all possible mechanisms need to be queried before the list of mechanisms is created. > The HTTP Authenticator is created per request. API may be fine but we may need an easier way to provide all the mechanisms. > Will look at that one later once hot deployment is also considered fully. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-279) Support CORS

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-279?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-279: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Support CORS > ------------ > > Key: ELY-279 > URL: https://issues.jboss.org/browse/ELY-279 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > This is something that can possibly be tied in around the HTTP authentication framework meaning that the control of this can live in the HTTP authentication policy within Elytron rather than at the front end. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-208) Update SASL mechanism testing to also be domain backed.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-208?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-208: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Update SASL mechanism testing to also be domain backed. > ------------------------------------------------------- > > Key: ELY-208 > URL: https://issues.jboss.org/browse/ELY-208 > Project: WildFly Elytron > Issue Type: Task > Components: Testsuite > Reporter: Darran Lofthouse > Assignee: Kabir Khan > Fix For: 1.1.0.Beta6 > > > There may be a little bit more work required before this is possible but we need to ensure SASL mechanisms are also tested using a CallbackHandler they are likely to encounter which will really be the one from ServerAuthenticationContext. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-211) Client-side trust store configuration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-211?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-211: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Client-side trust store configuration > ------------------------------------- > > Key: ELY-211 > URL: https://issues.jboss.org/browse/ELY-211 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta6 > > > Lest I forget. The client needs the ability to supplement the default trust store, to restrict the set of acceptable peer certificates/signers, for mutual authentication purposes. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-212) Client-side SSL context configuration is subtly wrong

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-212?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-212: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Client-side SSL context configuration is subtly wrong > ----------------------------------------------------- > > Key: ELY-212 > URL: https://issues.jboss.org/browse/ELY-212 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta6 > > > SSL context client-side configuration is problematic in that the SSL context is not (and cannot be) cached. This means that we lose SSL session reuse and other benefits which may cause problems for users. > However we also cannot just cache an SSL context on a configuration either - the client credentials may vary on each request, causing leakage between identities. > What we need to do is have a separate SSL context client configuration mechanism, and use the generic client context configuration to reference this SSL context client configuration. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-251) More certain credential based mechanism selection.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-251?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-251: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > More certain credential based mechanism selection. > -------------------------------------------------- > > Key: ELY-251 > URL: https://issues.jboss.org/browse/ELY-251 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > When filtering authentication mechanisms we need to really be able to offer two modes: - > 1 - Only offer a mech if we are sure it is supported. > Risks only offering a weaker mechanism in a mixed domain but also eliminates mechanisms that could fail for a valid user that just happens to have a different credential type. > 2- More general support. > i.e. offer the mechs that may be supported. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-252) Take into account username after failed authentication for available mechs

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-252?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-252: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Take into account username after failed authentication for available mechs > -------------------------------------------------------------------------- > > Key: ELY-252 > URL: https://issues.jboss.org/browse/ELY-252 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > This is something we would need to be cautious about as it does risk revealing information to an attacker but after a files attempt we may have more information and be able to offer mechanisms based on this. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-427) Add CLIENT_CERT authentication mechanism.

by Darran Lofthouse (JIRA)

Darran Lofthouse created ELY-427: ------------------------------------ Summary: Add CLIENT_CERT authentication mechanism. Key: ELY-427 URL: https://issues.jboss.org/browse/ELY-427 Project: WildFly Elytron Issue Type: Sub-task Components: HTTP Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 1.1.0.Beta5 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-181) Review JACC in Servlet and EJB subsystems

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-181?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-181: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Review JACC in Servlet and EJB subsystems > ----------------------------------------- > > Key: ELY-181 > URL: https://issues.jboss.org/browse/ELY-181 > Project: WildFly Elytron > Issue Type: Sub-task > Components: API / SPI > Reporter: Pedro Igor > Assignee: Pedro Igor > Fix For: 1.1.0.Beta6 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-107) Add ability for security domains to create SSLContext directly from config

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-107?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse resolved ELY-107. ---------------------------------- Resolution: Out of Date Resolving as out of date as this is covered by ServerSSLContextBuilder. Effectively so far we have three different policy objects that reference a security domain but are not used by the security domain, ServerSSLContextBuilder is one of them. > Add ability for security domains to create SSLContext directly from config > -------------------------------------------------------------------------- > > Key: ELY-107 > URL: https://issues.jboss.org/browse/ELY-107 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: David Lloyd > Assignee: Darran Lofthouse > Labels: elytron_ssl > Fix For: 1.1.0.Beta5 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2016