March 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-432) Support setEnableSessionCreation on ServerSSLContextBuilder

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-432?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse commented on ELY-432: -------------------------------------- Stopping progress on this one for the moment - for this to be meaningful we will also need to be able to obtain manageable references to the SSLEngine or SSLSocket as controlling this flag would also mean we would need to be able to apply immediate runtime updates to those objects to effectively switch on and off the creation of new sessions. Unlike the other configuration items this is a setting that after configuration has been applied subsequent updates should still be allowed. > Support setEnableSessionCreation on ServerSSLContextBuilder > ----------------------------------------------------------- > > Key: ELY-432 > URL: https://issues.jboss.org/browse/ELY-432 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta5 > > > It is already possible to configure this one for XNIO and Undertow so we should add this config option to our own builder. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2023) Network unreachable with localhost addresses if -Djava.net.preferIPv4Stack=true isn't specified

by Richard Janík (JIRA)

Richard Janík created JGRP-2023: ----------------------------------- Summary: Network unreachable with localhost addresses if -Djava.net.preferIPv4Stack=true isn't specified Key: JGRP-2023 URL: https://issues.jboss.org/browse/JGRP-2023 Project: JGroups Issue Type: Bug Affects Versions: 3.6.8, 3.6.7 Environment: $ java -version java version "1.8.0_45" Java(TM) SE Runtime Environment (build 1.8.0_45-b14) Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode) Reporter: Richard Janík Assignee: Bela Ban When setting {{-bind_addr}} to localhost (either 127.0.0.1 or ::1) without specifying {{-Djava.net.preferIPv4Stack=true}}, JGroups fail to connect. The following errors are logged: {code} ------------------------------------------------------------------- GMS: address=rjanik-24069, cluster=draw, physical address=0:0:0:0:0:0:0:1:37921 ------------------------------------------------------------------- Mar 03, 2016 11:41:12 AM org.jgroups.protocols.TP$BaseBundler sendSingleMessage SEVERE: JGRP000029: rjanik-24069: failed sending message to cluster (108 bytes): java.io.IOException: Network is unreachable, headers: PING: [type=GET_MBRS_REQ, cluster=draw], TP: [cluster_name=draw] ** View=[rjanik-24069|0] (1) [rjanik-24069] Mar 03, 2016 11:41:15 AM org.jgroups.protocols.TP$BaseBundler sendSingleMessage SEVERE: JGRP000029: rjanik-24069: failed sending message to cluster (56 bytes): java.io.IOException: Network is unreachable, headers: NAKACK2: [MSG, seqno=1], TP: [cluster_name=draw] {code} I'm not sure if there's some other configuration option that I forgot to add, but the example (in Steps to Reproduce) works with previous versions (3.6.6 for example), so I assume not. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1233) Unable to specify alias for PKCS11 provider

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1233?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-1233. -------------------------------------- Fix Version/s: 3.0.0.Alpha1 Resolution: Rejected Marking this one as rejected as we do not plan to start adding additional features to the existing realms - however the ability to filter all KeyStore types has already been added to WildFly Elytron so as soon as we start using Elytron this kind of filtering will be possible for PKCS#11 KeyStores. > Unable to specify alias for PKCS11 provider > ------------------------------------------- > > Key: WFCORE-1233 > URL: https://issues.jboss.org/browse/WFCORE-1233 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 2.0.4.Final > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Minor > Labels: deprecated > Fix For: 3.0.0.Alpha1 > > > Unable to specify keystore alias for PKCS11 provider in SSL for security realm. > Specifying keystore alias works only for JKS keystore as stated here: > {code:xml} > <xs:attribute name="alias" type="xs:string" use="optional"> > <xs:annotation> > <xs:documentation> > The alias of the entry to use from the keystore, if specified all remaining > entries in the keystore will be ignored. > Note: The use of aliases is only available for JKS based stores, for other store types this will be ignored. > </xs:documentation> > </xs:annotation> > </xs:attribute> > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1233) Unable to specify alias for PKCS11 provider

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1233?page=com.atlassian.jira.plugi... ] Darran Lofthouse updated WFCORE-1233: ------------------------------------- Labels: deprecated (was: ) > Unable to specify alias for PKCS11 provider > ------------------------------------------- > > Key: WFCORE-1233 > URL: https://issues.jboss.org/browse/WFCORE-1233 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 2.0.4.Final > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Minor > Labels: deprecated > > Unable to specify keystore alias for PKCS11 provider in SSL for security realm. > Specifying keystore alias works only for JKS keystore as stated here: > {code:xml} > <xs:attribute name="alias" type="xs:string" use="optional"> > <xs:annotation> > <xs:documentation> > The alias of the entry to use from the keystore, if specified all remaining > entries in the keystore will be ignored. > Note: The use of aliases is only available for JKS based stores, for other store types this will be ignored. > </xs:documentation> > </xs:annotation> > </xs:attribute> > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-137) Add Kerberos tests to domain-management module

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-137?page=com.atlassian.jira.plugin... ] Darran Lofthouse resolved WFCORE-137. ------------------------------------- Resolution: Out of Date Once Elytron is integrated we will review the additional tests required again. > Add Kerberos tests to domain-management module > ---------------------------------------------- > > Key: WFCORE-137 > URL: https://issues.jboss.org/browse/WFCORE-137 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha1 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-496) add-user.sh - if password contains § it is not possible to log into the webinterface

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-496?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated WFCORE-496: ------------------------------------ Fix Version/s: (was: 3.0.0.Alpha1) > add-user.sh - if password contains § it is not possible to log into the webinterface > ------------------------------------------------------------------------------------ > > Key: WFCORE-496 > URL: https://issues.jboss.org/browse/WFCORE-496 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Environment: wheezy, Firefox 34.0.5, Chrome 36.0.1985.125 > Reporter: do ev > Assignee: Darran Lofthouse > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-107) Update whoami operation to return authentication mechanism where verbose=true

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-107?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFCORE-107: ----------------------------------------- Keeping this open but the scope has changed now - once Elytron is enabled this task should ensure the output from this operation is appropriate for an Elytron identity. (Obviously considering compatibility) > Update whoami operation to return authentication mechanism where verbose=true > ----------------------------------------------------------------------------- > > Key: WFCORE-107 > URL: https://issues.jboss.org/browse/WFCORE-107 > Project: WildFly Core > Issue Type: Feature Request > Components: Domain Management > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta1 > > > The admin console currently contains a "logout" handler that follows a round of HTTP message exchanges to trick the web browser into forgetting the credentials it has cached. > This only makes sense where the browser has cached a credential - if we return the authentication mechanism then the console can make a better decision regarding displaying the logout link or could change the implementation so display a message to the user explaining why logout does not make sense. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-372) Cache role mapping results for the span of the overall operation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-372?page=com.atlassian.jira.plugin... ] Darran Lofthouse resolved WFCORE-372. ------------------------------------- Resolution: Out of Date Marking this one as out of date as we are moving towards using WildFly Elytron - once WildFly Elytron is integrated we will need a much higher level review of performance optimisations that are possible. > Cache role mapping results for the span of the overall operation > ---------------------------------------------------------------- > > Key: WFCORE-372 > URL: https://issues.jboss.org/browse/WFCORE-372 > Project: WildFly Core > Issue Type: Sub-task > Components: Domain Management > Reporter: Brian Stansberry > Assignee: Darran Lofthouse > Labels: access_control, management_security, > Fix For: 3.0.0.Beta1 > > > Look into caching role mapping results for the duration of an overall operation. This would be an impl detail of the RoleMapper. With our standard mappers, the mapping results should not be changing in the middle of an operation, so I believe they should be cacheable. > Likely place to cache them is as an attachment in a context object that will be passed in to the Authorizer. It would have to be passed in to the RoleMapper as well. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-629) Enabled automatic encryption of passwords stored in configuration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-629?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFCORE-629: ----------------------------------------- [~pskopek] Just passing this one your way as this would most likely be a follow up to your current work. > Enabled automatic encryption of passwords stored in configuration > ----------------------------------------------------------------- > > Key: WFCORE-629 > URL: https://issues.jboss.org/browse/WFCORE-629 > Project: WildFly Core > Issue Type: Feature Request > Components: Domain Management, Security > Environment: Wildfly 9 > Reporter: Jason Shepherd > Assignee: Peter Skopek > > Currently encrypting passwords such as Datasource passwords can only be done 'after the fact'. You have to create the datasource first, then retrospectively store the password in the vault and dereference it in the configuration. > It would be great if could turn on automatic storage of passwords in the vault so that when you create a Datasource password, or add a resource adapter which specifies a remote resource password, those passwords were automatically added to the vault, and deferenced in the configuration file. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-629) Enabled automatic encryption of passwords stored in configuration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-629?page=com.atlassian.jira.plugin... ] Darran Lofthouse reassigned WFCORE-629: --------------------------------------- Assignee: Peter Skopek (was: Darran Lofthouse) > Enabled automatic encryption of passwords stored in configuration > ----------------------------------------------------------------- > > Key: WFCORE-629 > URL: https://issues.jboss.org/browse/WFCORE-629 > Project: WildFly Core > Issue Type: Feature Request > Components: Domain Management, Security > Environment: Wildfly 9 > Reporter: Jason Shepherd > Assignee: Peter Skopek > > Currently encrypting passwords such as Datasource passwords can only be done 'after the fact'. You have to create the datasource first, then retrospectively store the password in the vault and dereference it in the configuration. > It would be great if could turn on automatic storage of passwords in the vault so that when you create a Datasource password, or add a resource adapter which specifies a remote resource password, those passwords were automatically added to the vault, and deferenced in the configuration file. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2016