[JBoss JIRA] (ELY-473) True credential forwarding support
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-473?page=com.atlassian.jira.plugin.sy... ]
David Lloyd updated ELY-473:
----------------------------
Summary: True credential forwarding support (was: True forwarding credential support)
> True credential forwarding support
> ----------------------------------
>
> Key: ELY-473
> URL: https://issues.jboss.org/browse/ELY-473
> Project: WildFly Elytron
> Issue Type: Enhancement
> Reporter: David Lloyd
> Priority: Minor
> Fix For: 1.1.0.Beta5
>
>
> Now we are ready for true support for forwarding credentials.
> The credentials should be associated with the SecurityIdentity itself. A permission check is required to acquire them (maybe even both a code permission check *and* a user authorization check).
> We could support holding one credential per type+algorithm combination, or simply a list of credentials which can be queried.
> Authentication client API should be enhanced to search a security domain's current identity for a forwarding credential to use.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (ELY-473) True forwarding credential support
by David Lloyd (JIRA)
David Lloyd created ELY-473:
-------------------------------
Summary: True forwarding credential support
Key: ELY-473
URL: https://issues.jboss.org/browse/ELY-473
Project: WildFly Elytron
Issue Type: Enhancement
Reporter: David Lloyd
Priority: Minor
Fix For: 1.1.0.Beta5
Now we are ready for true support for forwarding credentials.
The credentials should be associated with the SecurityIdentity itself. A permission check is required to acquire them (maybe even both a code permission check *and* a user authorization check).
We could support holding one credential per type+algorithm combination, or simply a list of credentials which can be queried.
Authentication client API should be enhanced to search a security domain's current identity for a forwarding credential to use.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (ELY-466) Add a GSSCredential CredentialStore
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-466?page=com.atlassian.jira.plugin.sy... ]
David Lloyd commented on ELY-466:
---------------------------------
Is this a duplicate of ELY-454?
> Add a GSSCredential CredentialStore
> -----------------------------------
>
> Key: ELY-466
> URL: https://issues.jboss.org/browse/ELY-466
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: Credential Store
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.1.0.Beta5
>
>
> This will be used to provide GSSCredential instances for use by authentication mechanisms.
> Ideally a single store can support multiple credentials, the alias paramater may be a good way to map from the host name of the request to the ticket to use.
> Need to think how much this makes sense to load using the Provider as it could potentially have quite a verbose configuration.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (ELY-446) Additional fields on SecurityIdentity
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-446?page=com.atlassian.jira.plugin.sy... ]
David Lloyd commented on ELY-446:
---------------------------------
During the F2F it was thought that perhaps some of this information belongs in other contexts. As long as the PermissionMapper or authorization policy can access these other objects, it should be able to make accurate and correct authorization decisions. We might want to provide standard contexts of these types though.
> Additional fields on SecurityIdentity
> -------------------------------------
>
> Key: ELY-446
> URL: https://issues.jboss.org/browse/ELY-446
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI
> Reporter: David Lloyd
> Assignee: David Lloyd
>
> The following useful properties could be added to SecurityIdentity:
> * Identity creation time (the time when the identity itself is created, whether by login or by run-as)
> * Authentication information, including:
> ** Login timestamp (the time of the original authentication)
> ** Login mechanism & kind (SASL/HTTP/TLS etc.)
> ** Login protocol (HTTP/Remoting/etc.) incl. enclosing TLS information if any
> * Authentication identity information, including:
> ** Original authentication name
> ** Authentication forwarding credential(s)
> * Connection circumstances:
> ** Peer and local address
> ** Current invocation protocol
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (WFLY-6431) NPE when suspending server with MDB deployed
by Bartosz Baranowski (JIRA)
[ https://issues.jboss.org/browse/WFLY-6431?page=com.atlassian.jira.plugin.... ]
Bartosz Baranowski updated WFLY-6431:
-------------------------------------
Attachment: ARTEMIS-459.patch
> NPE when suspending server with MDB deployed
> --------------------------------------------
>
> Key: WFLY-6431
> URL: https://issues.jboss.org/browse/WFLY-6431
> Project: WildFly
> Issue Type: Bug
> Reporter: Bartosz Baranowski
> Assignee: Bartosz Baranowski
> Attachments: ARTEMIS-459.patch
>
>
> I have simple MDB deployed and when calling suspend on server, the suspend operation fails with NPE [1].
> Steps to reproduce:
> 1) Start EAP 7.0.0.ER4 with deployed MDB - don't create corresponding queue
> 2) call suspend operation via jboss-cli
> 3) operation fails with NPE.
> Note with EAP 7.0.0.ER3 it works just fine => it is regression in comparison to EAP 7.0.0.ER3.
> [1]
> {noformat}
> 12:07:43,057 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0190: Step handler org.jboss.as.server.operations.ServerShutdownHandler$1@5ef6ed4e for operation {"operation" => "shutdown","operation-headers" => {"caller-type" => "user","access-mechanism" => "NATIVE"},"address" => undefined} at address [] failed handling operation rollback -- java.lang.NullPointerException: java.lang.NullPointerException
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.teardown(ActiveMQActivation.java:388)
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.stop(ActiveMQActivation.java:293)
> at org.apache.activemq.artemis.ra.ActiveMQResourceAdapter.endpointDeactivation(ActiveMQResourceAdapter.java:195)
> at org.jboss.jca.core.rar.EndpointImpl.deactivate(EndpointImpl.java:255)
> at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent.deactivate(MessageDrivenComponent.java:267)
> at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent.access$100(MessageDrivenComponent.java:62)
> at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent$1.preSuspend(MessageDrivenComponent.java:91)
> at org.jboss.as.server.suspend.SuspendController.suspend(SuspendController.java:72)
> at org.jboss.as.server.operations.ServerShutdownHandler$1$1.handleResult(ServerShutdownHandler.java:144)
> at org.jboss.as.controller.AbstractOperationContext$Step.invokeResultHandler(AbstractOperationContext.java:1384)
> at org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1366)
> at org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1328)
> at org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1301)
> at org.jboss.as.controller.AbstractOperationContext$Step.access$300(AbstractOperationContext.java:1185)
> at org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:767)
> at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:753)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:680)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1344)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:392)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:217)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:208)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:130)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:152)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:148)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:92)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:148)
> at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)
> at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:472)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (WFCORE-1451) Unify/add unwrap methods to most of AttributeDefinition classes
by Tomaz Cerar (JIRA)
Tomaz Cerar created WFCORE-1451:
-----------------------------------
Summary: Unify/add unwrap methods to most of AttributeDefinition classes
Key: WFCORE-1451
URL: https://issues.jboss.org/browse/WFCORE-1451
Project: WildFly Core
Issue Type: Feature Request
Reporter: Tomaz Cerar
Assignee: Tomaz Cerar
we now have unwrap method only on StringListAD and PropertiesAD. but there are handful of others that should have it to if possible.
Thing to keep in mind is to make sure collection attributes can also return null as introduced in WFCORE-1448
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (WFLY-6431) NPE when suspending server with MDB deployed
by Bartosz Baranowski (JIRA)
Bartosz Baranowski created WFLY-6431:
----------------------------------------
Summary: NPE when suspending server with MDB deployed
Key: WFLY-6431
URL: https://issues.jboss.org/browse/WFLY-6431
Project: WildFly
Issue Type: Bug
Reporter: Bartosz Baranowski
Assignee: Jason Greene
I have simple MDB deployed and when calling suspend on server, the suspend operation fails with NPE [1].
Steps to reproduce:
1) Start EAP 7.0.0.ER4 with deployed MDB - don't create corresponding queue
2) call suspend operation via jboss-cli
3) operation fails with NPE.
Note with EAP 7.0.0.ER3 it works just fine => it is regression in comparison to EAP 7.0.0.ER3.
[1]
{noformat}
12:07:43,057 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0190: Step handler org.jboss.as.server.operations.ServerShutdownHandler$1@5ef6ed4e for operation {"operation" => "shutdown","operation-headers" => {"caller-type" => "user","access-mechanism" => "NATIVE"},"address" => undefined} at address [] failed handling operation rollback -- java.lang.NullPointerException: java.lang.NullPointerException
at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.teardown(ActiveMQActivation.java:388)
at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.stop(ActiveMQActivation.java:293)
at org.apache.activemq.artemis.ra.ActiveMQResourceAdapter.endpointDeactivation(ActiveMQResourceAdapter.java:195)
at org.jboss.jca.core.rar.EndpointImpl.deactivate(EndpointImpl.java:255)
at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent.deactivate(MessageDrivenComponent.java:267)
at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent.access$100(MessageDrivenComponent.java:62)
at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent$1.preSuspend(MessageDrivenComponent.java:91)
at org.jboss.as.server.suspend.SuspendController.suspend(SuspendController.java:72)
at org.jboss.as.server.operations.ServerShutdownHandler$1$1.handleResult(ServerShutdownHandler.java:144)
at org.jboss.as.controller.AbstractOperationContext$Step.invokeResultHandler(AbstractOperationContext.java:1384)
at org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1366)
at org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1328)
at org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1301)
at org.jboss.as.controller.AbstractOperationContext$Step.access$300(AbstractOperationContext.java:1185)
at org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:767)
at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:753)
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:680)
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1344)
at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:392)
at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:217)
at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:208)
at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:130)
at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:152)
at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:92)
at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:148)
at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)
at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:472)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
{noformat}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month
[JBoss JIRA] (WFLY-6431) NPE when suspending server with MDB deployed
by Bartosz Baranowski (JIRA)
[ https://issues.jboss.org/browse/WFLY-6431?page=com.atlassian.jira.plugin.... ]
Bartosz Baranowski reassigned WFLY-6431:
----------------------------------------
Assignee: Bartosz Baranowski (was: Jason Greene)
> NPE when suspending server with MDB deployed
> --------------------------------------------
>
> Key: WFLY-6431
> URL: https://issues.jboss.org/browse/WFLY-6431
> Project: WildFly
> Issue Type: Bug
> Reporter: Bartosz Baranowski
> Assignee: Bartosz Baranowski
>
> I have simple MDB deployed and when calling suspend on server, the suspend operation fails with NPE [1].
> Steps to reproduce:
> 1) Start EAP 7.0.0.ER4 with deployed MDB - don't create corresponding queue
> 2) call suspend operation via jboss-cli
> 3) operation fails with NPE.
> Note with EAP 7.0.0.ER3 it works just fine => it is regression in comparison to EAP 7.0.0.ER3.
> [1]
> {noformat}
> 12:07:43,057 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0190: Step handler org.jboss.as.server.operations.ServerShutdownHandler$1@5ef6ed4e for operation {"operation" => "shutdown","operation-headers" => {"caller-type" => "user","access-mechanism" => "NATIVE"},"address" => undefined} at address [] failed handling operation rollback -- java.lang.NullPointerException: java.lang.NullPointerException
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.teardown(ActiveMQActivation.java:388)
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.stop(ActiveMQActivation.java:293)
> at org.apache.activemq.artemis.ra.ActiveMQResourceAdapter.endpointDeactivation(ActiveMQResourceAdapter.java:195)
> at org.jboss.jca.core.rar.EndpointImpl.deactivate(EndpointImpl.java:255)
> at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent.deactivate(MessageDrivenComponent.java:267)
> at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent.access$100(MessageDrivenComponent.java:62)
> at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponent$1.preSuspend(MessageDrivenComponent.java:91)
> at org.jboss.as.server.suspend.SuspendController.suspend(SuspendController.java:72)
> at org.jboss.as.server.operations.ServerShutdownHandler$1$1.handleResult(ServerShutdownHandler.java:144)
> at org.jboss.as.controller.AbstractOperationContext$Step.invokeResultHandler(AbstractOperationContext.java:1384)
> at org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1366)
> at org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1328)
> at org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1301)
> at org.jboss.as.controller.AbstractOperationContext$Step.access$300(AbstractOperationContext.java:1185)
> at org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:767)
> at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:753)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:680)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1344)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:392)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:217)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:208)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:130)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:152)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:148)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:92)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:148)
> at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)
> at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:472)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 1 month