[JBoss JIRA] (ELY-446) Additional fields on SecurityIdentity
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-446?page=com.atlassian.jira.plugin.sy... ]
David Lloyd updated ELY-446:
----------------------------
Description:
The following useful properties could be added to SecurityIdentity:
* Identity creation time (the time when the identity itself is created, whether by login or by run-as)
* Authentication information, including:
** Login timestamp (the time of the original authentication)
** Login mechanism & kind (SASL/HTTP/TLS etc.)
** Login protocol (HTTP/Remoting/etc.) incl. enclosing TLS information if any
* Authentication identity information, including:
** Original authentication name
** Authentication forwarding credential(s)
* Connection circumstances:
** Peer and local address
** Current invocation protocol
was:
The following useful properties could be added to SecurityIdentity:
* Identity creation time (the time when the identity itself is created, whether by login or by run-as)
* Authentication information, including:
** Login timestamp (the time of the original authentication)
** Login mechanism & kind (SASL/HTTP/TLS etc.)
** Login protocol (HTTP/Remoting/etc.) incl. enclosing TLS information if any
* Authentication identity information, including:
** Original authentication name
** Authentication forwarding credential(s)
> Additional fields on SecurityIdentity
> -------------------------------------
>
> Key: ELY-446
> URL: https://issues.jboss.org/browse/ELY-446
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI
> Reporter: David Lloyd
> Assignee: David Lloyd
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (ELY-452) CSIv2 Integration
by Darran Lofthouse (JIRA)
Darran Lofthouse created ELY-452:
------------------------------------
Summary: CSIv2 Integration
Key: ELY-452
URL: https://issues.jboss.org/browse/ELY-452
Project: WildFly Elytron
Issue Type: Feature Request
Components: API / SPI
Reporter: Darran Lofthouse
Fix For: 1.1.0.Beta5
--
[JBoss JIRA] (ELY-451) Script Engine Support for various utility interfaces.
by Darran Lofthouse (JIRA)
Darran Lofthouse created ELY-451:
------------------------------------
Summary: Script Engine Support for various utility interfaces.
Key: ELY-451
URL: https://issues.jboss.org/browse/ELY-451
Project: WildFly Elytron
Issue Type: Feature Request
Components: API / SPI
Reporter: Darran Lofthouse
Fix For: 1.1.0.Beta5
The various mapper / decoder interfaces are a possible place for script engine support to easily support custom implementations.
--
[JBoss JIRA] (WFLY-6320) JCETestCase fails with security manager enabled on OracleJDK
by Ivo Studensky (JIRA)
[ https://issues.jboss.org/browse/WFLY-6320?page=com.atlassian.jira.plugin.... ]
Ivo Studensky reassigned WFLY-6320:
-----------------------------------
Assignee: Ivo Studensky
> JCETestCase fails with security manager enabled on OracleJDK
> ------------------------------------------------------------
>
> Key: WFLY-6320
> URL: https://issues.jboss.org/browse/WFLY-6320
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Environment: OracleJDK (tested with versions 1.8.0_71 and 1.8.0_74)
> Reporter: Jan Tymel
> Assignee: Ivo Studensky
>
> *org.jboss.as.test.integration.deployment.jcedeployment.JCETestCase#testJCE*
> Steps to reproduce:
> {{./integration-tests.sh -Dts.basic -Dts.noSmoke -DtestLogToFile=false -Dsecurity.manager -Dtest=org.jboss.as.test.integration.deployment.jcedeployment.JCETestCase#testJCE}}
> Fails with:
> {code}
> ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /test/controller: javax.servlet.ServletException: Cannot install the certificate to the validator.
> at org.jboss.as.test.integration.deployment.jcedeployment.ControllerServlet.init(ControllerServlet.java:80)
> at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
> at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
> at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
> at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
> at io.undertow.servlet.core.ManagedServlet.getServlet(ManagedServlet.java:170)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:84)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "../jcetest.keystore" "read")" in code source "(vfs:/content/jcetest.ear/test.war/WEB-INF/classes <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
> at java.io.FileInputStream.<init>(FileInputStream.java:127)
> at java.io.FileInputStream.<init>(FileInputStream.java:93)
> at org.jboss.as.test.integration.deployment.jcedeployment.ControllerServlet.init(ControllerServlet.java:65)
> ... 34 more
> {code}
--
[JBoss JIRA] (JGRP-2026) GroupRequest concurrency issue
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2026?page=com.atlassian.jira.plugin.... ]
Bela Ban updated JGRP-2026:
---------------------------
Fix Version/s: (was: 4.0)
> GroupRequest concurrency issue
> ------------------------------
>
> Key: JGRP-2026
> URL: https://issues.jboss.org/browse/JGRP-2026
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.6.8
> Reporter: Dan Berindei
> Assignee: Bela Ban
> Fix For: 3.6.9
>
>
> {{GroupRequest.responsesComplete()}} is supposed to be called only while holding the lock ({{@GuardedBy("lock")}}). But {{GroupRequest.receiveResponse()}} calls {{Request.checkCompletion()}} outside the lock, which then calls {{GroupRequest.responsesComplete()}}.
> Because this happens outside the lock, there is no happens-before relationship, and a thread can notify the request listener after seeing the {{numReceived}} incremented by another thread, but without seeing the {{Rsp.value}} set by that other thread.
> {noformat}
> 23:22:21,328 TRACE (transport-thread-MultiNodeDistributedTest-NodeB-p8-t6) [JGroupsTransport] dests=null, command=CacheTopologyControlCommand{cache=null, type=GET_STATUS, sender=MultiNodeDistributedTest-NodeB-28202, joinInfo=null, topologyId=0, rebalanceId=0, currentCH=null, pendingCH=null, availabilityMode=null, actualMembers=null, throwable=null, viewId=4}, mode=SYNCHRONOUS, timeout=240000
> 23:22:21,329 TRACE (transport-thread-MultiNodeDistributedTest-NodeB-p8-t6) [MessageDispatcher] real_dests=[MultiNodeDistributedTest-NodeC-19310, MultiNodeDistributedTest-NodeD-7096]
> 23:22:21,351 TRACE (remote-thread-MultiNodeDistributedTest-NodeD-p26-t3) [CommandAwareRpcDispatcher] About to send back response SuccessfulResponse{responseValue=...} for command CacheTopologyControlCommand{cache=null, type=GET_STATUS, sender=null, joinInfo=null, topologyId=0, rebalanceId=0, currentCH=null, pendingCH=null, availabilityMode=null, actualMembers=null, throwable=null, viewId=4}
> 23:22:21,361 TRACE (remote-thread-MultiNodeDistributedTest-NodeC-p18-t6) [CommandAwareRpcDispatcher] About to send back response SuccessfulResponse{responseValue=...} for command CacheTopologyControlCommand{cache=null, type=GET_STATUS, sender=null, joinInfo=null, topologyId=0, rebalanceId=0, currentCH=null, pendingCH=null, availabilityMode=null, actualMembers=null, throwable=null, viewId=4}
> 23:22:21,418 TRACE (remote-thread-MultiNodeDistributedTest-NodeD-p26-t3) [UNICAST3] MultiNodeDistributedTest-NodeD-7096 --> DATA(MultiNodeDistributedTest-NodeB-28202: #24, conn_id=1)
> 23:22:21,418 TRACE (remote-thread-MultiNodeDistributedTest-NodeC-p18-t6) [UNICAST3] MultiNodeDistributedTest-NodeC-19310 --> DATA(MultiNodeDistributedTest-NodeB-28202: #68, conn_id=1)
> 23:22:21,427 TRACE (OOB-2,MultiNodeDistributedTest-NodeB-28202) [UNICAST3] MultiNodeDistributedTest-NodeB-28202: delivering MultiNodeDistributedTest-NodeD-7096#24
> 23:22:21,431 TRACE (OOB-1,MultiNodeDistributedTest-NodeB-28202) [UNICAST3] MultiNodeDistributedTest-NodeB-28202: delivering MultiNodeDistributedTest-NodeC-19310#68
> 23:22:21,455 TRACE (OOB-2,MultiNodeDistributedTest-NodeB-28202) [JGroupsTransport] Responses: [sender=MultiNodeDistributedTest-NodeC-19310, received=false, suspected=false]
> [sender=MultiNodeDistributedTest-NodeD-7096, retval=SuccessfulResponse{responseValue=...} , received=true, suspected=false]
> {noformat}
--
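The race described in JGRP-2026, reduced to a minimal Java class as an added example; it is not JGroups code and not the change that shipped in 3.6.9. `GuardedRequestDemo`, its fields and the sender names are hypothetical, and only `responsesComplete`, `receiveResponse` and `numReceived` echo names from the issue text. The unsafe method is shown for comparison and is not called from `main`, because the stale read it permits does not reproduce reliably.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
import java.util.function.Consumer;

// Hypothetical, simplified request collecting one response per sender.
// Names loosely mirror the issue text; this is not JGroups' GroupRequest.
public class GuardedRequestDemo {
    private final ReentrantLock lock = new ReentrantLock();
    private final Map<String, Object> values = new HashMap<>(); // guarded by lock
    private int numReceived;                                    // guarded by lock
    private boolean done;                                       // guarded by lock
    private final int expected;
    private final Consumer<Map<String, Object>> listener;

    GuardedRequestDemo(int expected, Consumer<Map<String, Object>> listener) {
        this.expected = expected;
        this.listener = listener;
    }

    // Contract: caller must hold lock.
    private boolean responsesComplete() { return numReceived >= expected; }

    // Shape described in the issue: the completion check runs after unlock.
    void receiveResponseUnsafe(String sender, Object value) {
        lock.lock();
        try { values.put(sender, value); numReceived++; }
        finally { lock.unlock(); }
        if (responsesComplete())     // unguarded read: may see another thread's
            listener.accept(values); // increment without its value; may fire twice
    }

    // Guarded shape: check and snapshot under the lock, notify exactly once.
    void receiveResponse(String sender, Object value) {
        Map<String, Object> snapshot = null;
        lock.lock();
        try {
            values.put(sender, value);
            numReceived++;
            if (!done && responsesComplete()) { done = true; snapshot = new HashMap<>(values); }
        } finally { lock.unlock(); }
        if (snapshot != null) listener.accept(snapshot); // callback outside the lock
    }

    public static void main(String[] args) throws InterruptedException {
        GuardedRequestDemo req = new GuardedRequestDemo(2, m -> System.out.println("complete: " + m));
        Thread c = new Thread(() -> req.receiveResponse("NodeC", "rspC")); // constructed senders
        Thread d = new Thread(() -> req.receiveResponse("NodeD", "rspD"));
        c.start(); d.start(); c.join(); d.join();
    }
}
```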
[JBoss JIRA] (JGRP-2026) GroupRequest concurrency issue
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2026?page=com.atlassian.jira.plugin.... ]
Bela Ban resolved JGRP-2026.
----------------------------
Resolution: Done
> GroupRequest concurrency issue
> ------------------------------
>
> Key: JGRP-2026
> URL: https://issues.jboss.org/browse/JGRP-2026
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.6.8
> Reporter: Dan Berindei
> Assignee: Bela Ban
> Fix For: 3.6.9
--
[JBoss JIRA] (ELY-450) Drop EvidenceDecoder
by Darran Lofthouse (JIRA)
Darran Lofthouse created ELY-450:
------------------------------------
Summary: Drop EvidenceDecoder
Key: ELY-450
URL: https://issues.jboss.org/browse/ELY-450
Project: WildFly Elytron
Issue Type: Feature Request
Components: SSL
Reporter: Darran Lofthouse
Fix For: 1.1.0.Beta5
Drop the EvidenceDecoder as it is only used by SecurityDomainTrustManager.
Instead, Evidence will have a getPrincipal method which will by default return null; when verifyEvidence is called, this can be used to set the current principal / trigger name rewriters / principal decoders, etc. Then verifyEvidence can call itself / continue.
Where no Principal is returned, the current iterate-the-realms approach can be used.
--