April 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-1466) Wildfly SSL Setup Fails on HSM-Backed Keystore

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1466?page=com.atlassian.jira.plugi... ] Darran Lofthouse commented on WFCORE-1466: ------------------------------------------ Does this Luna KeyType require you to also provide a file for initialising the KeyStore? This alias copying is only really supposed to be used for file based KeyStores. > Wildfly SSL Setup Fails on HSM-Backed Keystore > ---------------------------------------------- > > Key: WFCORE-1466 > URL: https://issues.jboss.org/browse/WFCORE-1466 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Environment: Any host environment with an HSM for key management > Reporter: Gregory Ramsperger > Assignee: Darran Lofthouse > > Using a keystore type that does not allow or returns empty from getEncoded() on private keys causes a KeyStoreException at startup. This is common in HSM-backed key operations. > Storing SSL keys and certs in an HSM is a common method of securing keys and offloading SSL overhead. > FileKeyStore.java copies a KeyStore.Entry value into a JKS KeyStore but JKS and PKCS12 KeyStore implementations maintain a copy of the encoded PKCS#8 data for private keys. When applying a KeyStore.Entry from a source that does not return the data for security reasons, the import fails. > While it's still not guaranteed to work with all KeyStore providers, switching {{KeyStore.getInstance("JKS")}} to {{KeyStore.getInstance(provider)}} fixes the issue for SafeNet "Luna" and SunPKCS11 "PKCS11" KeyStore implementations while not breaking the "PKCS12" and "JKS" cases. > See [https://github.com/wildfly/wildfly-core/blob/master/domain-management/src...] > Log output: > {noformat} > 2016-04-04 18:53:51,100 i-4b6f79d1 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.server.controller.management.security_realm.test.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.test.key-manager: JBAS015229: Unable to start service > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:148) > at org.jboss.as.domain.management.security.FileKeyManagerService.start(FileKeyManagerService.java:119) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60] > Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded > at sun.security.provider.KeyProtector.protect(KeyProtector.java:174) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56) [rt.jar:1.8.0_60] > at java.security.KeyStoreSpi.engineSetEntry(KeyStoreSpi.java:537) [rt.jar:1.8.0_60] > at sun.security.provider.KeyStoreDelegator.engineSetEntry(KeyStoreDelegator.java:179) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetEntry(JavaKeyStore.java:70) [rt.jar:1.8.0_60] > at java.security.KeyStore.setEntry(KeyStore.java:1557) [rt.jar:1.8.0_60] > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:136) > ... 6 more > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-1466) Wildfly SSL Setup Fails on HSM-Backed Keystore

by Gregory Ramsperger (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1466?page=com.atlassian.jira.plugi... ] Gregory Ramsperger commented on WFCORE-1466: -------------------------------------------- I'm using the "Luna" KeyType and specifying an alias. The Luna SPI is provided by SafeNet's {{com.safenetinc.luna.provider.LunaProvider}} security provider. We're currently running this patch in production. Oracle/Sun's PKCS11 provider also fails, but with a NullPointerException instead of "Cannot get key bytes, not PKCS#8 encoded" since {{sun.security.pkcs11.P11Key#P11Key.getEncoded()}} returns {{null}} instead of an empty byte array. > Wildfly SSL Setup Fails on HSM-Backed Keystore > ---------------------------------------------- > > Key: WFCORE-1466 > URL: https://issues.jboss.org/browse/WFCORE-1466 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Environment: Any host environment with an HSM for key management > Reporter: Gregory Ramsperger > Assignee: Darran Lofthouse > > Using a keystore type that does not allow or returns empty from getEncoded() on private keys causes a KeyStoreException at startup. This is common in HSM-backed key operations. > Storing SSL keys and certs in an HSM is a common method of securing keys and offloading SSL overhead. > FileKeyStore.java copies a KeyStore.Entry value into a JKS KeyStore but JKS and PKCS12 KeyStore implementations maintain a copy of the encoded PKCS#8 data for private keys. When applying a KeyStore.Entry from a source that does not return the data for security reasons, the import fails. > While it's still not guaranteed to work with all KeyStore providers, switching {{KeyStore.getInstance("JKS")}} to {{KeyStore.getInstance(provider)}} fixes the issue for SafeNet "Luna" and SunPKCS11 "PKCS11" KeyStore implementations while not breaking the "PKCS12" and "JKS" cases. > See [https://github.com/wildfly/wildfly-core/blob/master/domain-management/src...] > Log output: > {noformat} > 2016-04-04 18:53:51,100 i-4b6f79d1 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.server.controller.management.security_realm.test.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.test.key-manager: JBAS015229: Unable to start service > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:148) > at org.jboss.as.domain.management.security.FileKeyManagerService.start(FileKeyManagerService.java:119) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60] > Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded > at sun.security.provider.KeyProtector.protect(KeyProtector.java:174) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56) [rt.jar:1.8.0_60] > at java.security.KeyStoreSpi.engineSetEntry(KeyStoreSpi.java:537) [rt.jar:1.8.0_60] > at sun.security.provider.KeyStoreDelegator.engineSetEntry(KeyStoreDelegator.java:179) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetEntry(JavaKeyStore.java:70) [rt.jar:1.8.0_60] > at java.security.KeyStore.setEntry(KeyStore.java:1557) [rt.jar:1.8.0_60] > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:136) > ... 6 more > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (DROOLS-1114) Add ConversationId http header/jms property to allow dynamic routing of requests

by Edson Tirelli (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1114?page=com.atlassian.jira.plugi... ] Edson Tirelli reassigned DROOLS-1114: ------------------------------------- Assignee: Maciej Swiderski (was: Edson Tirelli) > Add ConversationId http header/jms property to allow dynamic routing of requests > -------------------------------------------------------------------------------- > > Key: DROOLS-1114 > URL: https://issues.jboss.org/browse/DROOLS-1114 > Project: Drools > Issue Type: Feature Request > Components: kie server > Affects Versions: 6.4.0.CR2 > Reporter: Maciej Swiderski > Assignee: Maciej Swiderski > > to be able to implement rolling updates on openshift there is need to provide additional information so routing can properly navigate between server instances. > Kie Server (both server and client) should use conversation id that is composed of: > - kie server id > - container id > - release id (resolved release id if present) > - unique UUID string > all of these values are separated with : so it can be easily parsed. ReleaseId is by itself separated with : as it's GAV (group : artifact : version) > Entire conversationId is URL encoded so it can be easily transferred over the wire. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-1462) ssl element not usable in xml cli config

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1462?page=com.atlassian.jira.plugi... ] Brian Stansberry reassigned WFCORE-1462: ---------------------------------------- Fix Version/s: 3.0.0.Alpha1 Assignee: Jean-Francois Denise (was: Alexey Loubyansky) Resolution: Done > ssl element not usable in xml cli config > ---------------------------------------- > > Key: WFCORE-1462 > URL: https://issues.jboss.org/browse/WFCORE-1462 > Project: WildFly Core > Issue Type: Bug > Components: CLI > Affects Versions: 3.0.0.Alpha1 > Reporter: Jean-Francois Denise > Assignee: Jean-Francois Denise > Fix For: 3.0.0.Alpha1 > > > Setting a trust store in the cli-config.xml (ssl XML element) has the side effect to load classes from picketBox that is not present in the core feature pack. This makes ssl element not usable in a core configuration. This works well in a fully featured wildly. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-1466) Wildfly SSL Setup Fails on HSM-Backed Keystore

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1466?page=com.atlassian.jira.plugi... ] Darran Lofthouse commented on WFCORE-1466: ------------------------------------------ What KeyStore type are you trying to use and are you specifying an alias? > Wildfly SSL Setup Fails on HSM-Backed Keystore > ---------------------------------------------- > > Key: WFCORE-1466 > URL: https://issues.jboss.org/browse/WFCORE-1466 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Environment: Any host environment with an HSM for key management > Reporter: Gregory Ramsperger > Assignee: Darran Lofthouse > > Using a keystore type that does not allow or returns empty from getEncoded() on private keys causes a KeyStoreException at startup. This is common in HSM-backed key operations. > Storing SSL keys and certs in an HSM is a common method of securing keys and offloading SSL overhead. > FileKeyStore.java copies a KeyStore.Entry value into a JKS KeyStore but JKS and PKCS12 KeyStore implementations maintain a copy of the encoded PKCS#8 data for private keys. When applying a KeyStore.Entry from a source that does not return the data for security reasons, the import fails. > While it's still not guaranteed to work with all KeyStore providers, switching {{KeyStore.getInstance("JKS")}} to {{KeyStore.getInstance(provider)}} fixes the issue for SafeNet "Luna" and SunPKCS11 "PKCS11" KeyStore implementations while not breaking the "PKCS12" and "JKS" cases. > See [https://github.com/wildfly/wildfly-core/blob/master/domain-management/src...] > Log output: > {noformat} > 2016-04-04 18:53:51,100 i-4b6f79d1 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.server.controller.management.security_realm.test.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.test.key-manager: JBAS015229: Unable to start service > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:148) > at org.jboss.as.domain.management.security.FileKeyManagerService.start(FileKeyManagerService.java:119) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60] > Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded > at sun.security.provider.KeyProtector.protect(KeyProtector.java:174) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56) [rt.jar:1.8.0_60] > at java.security.KeyStoreSpi.engineSetEntry(KeyStoreSpi.java:537) [rt.jar:1.8.0_60] > at sun.security.provider.KeyStoreDelegator.engineSetEntry(KeyStoreDelegator.java:179) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetEntry(JavaKeyStore.java:70) [rt.jar:1.8.0_60] > at java.security.KeyStore.setEntry(KeyStore.java:1557) [rt.jar:1.8.0_60] > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:136) > ... 6 more > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-1466) Wildfly SSL Setup Fails on HSM-Backed Keystore

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1466?page=com.atlassian.jira.plugi... ] Darran Lofthouse moved WFLY-6495 to WFCORE-1466: ------------------------------------------------ Project: WildFly Core (was: WildFly) Key: WFCORE-1466 (was: WFLY-6495) Component/s: Domain Management Security (was: Domain Management) Affects Version/s: (was: 8.2.1.Final) (was: 9.0.2.Final) (was: 10.1.0.Final) > Wildfly SSL Setup Fails on HSM-Backed Keystore > ---------------------------------------------- > > Key: WFCORE-1466 > URL: https://issues.jboss.org/browse/WFCORE-1466 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Environment: Any host environment with an HSM for key management > Reporter: Gregory Ramsperger > Assignee: Darran Lofthouse > > Using a keystore type that does not allow or returns empty from getEncoded() on private keys causes a KeyStoreException at startup. This is common in HSM-backed key operations. > Storing SSL keys and certs in an HSM is a common method of securing keys and offloading SSL overhead. > FileKeyStore.java copies a KeyStore.Entry value into a JKS KeyStore but JKS and PKCS12 KeyStore implementations maintain a copy of the encoded PKCS#8 data for private keys. When applying a KeyStore.Entry from a source that does not return the data for security reasons, the import fails. > While it's still not guaranteed to work with all KeyStore providers, switching {{KeyStore.getInstance("JKS")}} to {{KeyStore.getInstance(provider)}} fixes the issue for SafeNet "Luna" and SunPKCS11 "PKCS11" KeyStore implementations while not breaking the "PKCS12" and "JKS" cases. > See [https://github.com/wildfly/wildfly-core/blob/master/domain-management/src...] > Log output: > {noformat} > 2016-04-04 18:53:51,100 i-4b6f79d1 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.server.controller.management.security_realm.test.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.test.key-manager: JBAS015229: Unable to start service > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:148) > at org.jboss.as.domain.management.security.FileKeyManagerService.start(FileKeyManagerService.java:119) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60] > Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded > at sun.security.provider.KeyProtector.protect(KeyProtector.java:174) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56) [rt.jar:1.8.0_60] > at java.security.KeyStoreSpi.engineSetEntry(KeyStoreSpi.java:537) [rt.jar:1.8.0_60] > at sun.security.provider.KeyStoreDelegator.engineSetEntry(KeyStoreDelegator.java:179) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetEntry(JavaKeyStore.java:70) [rt.jar:1.8.0_60] > at java.security.KeyStore.setEntry(KeyStore.java:1557) [rt.jar:1.8.0_60] > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:136) > ... 6 more > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-6495) Wildfly SSL Setup Fails on HSM-Backed Keystore

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-6495?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-6495: -------------------------------------- Assignee: Darran Lofthouse (was: Brian Stansberry) > Wildfly SSL Setup Fails on HSM-Backed Keystore > ---------------------------------------------- > > Key: WFLY-6495 > URL: https://issues.jboss.org/browse/WFLY-6495 > Project: WildFly > Issue Type: Bug > Components: Domain Management > Affects Versions: 8.2.1.Final, 9.0.2.Final, 10.1.0.Final > Environment: Any host environment with an HSM for key management > Reporter: Gregory Ramsperger > Assignee: Darran Lofthouse > > Using a keystore type that does not allow or returns empty from getEncoded() on private keys causes a KeyStoreException at startup. This is common in HSM-backed key operations. > Storing SSL keys and certs in an HSM is a common method of securing keys and offloading SSL overhead. > FileKeyStore.java copies a KeyStore.Entry value into a JKS KeyStore but JKS and PKCS12 KeyStore implementations maintain a copy of the encoded PKCS#8 data for private keys. When applying a KeyStore.Entry from a source that does not return the data for security reasons, the import fails. > While it's still not guaranteed to work with all KeyStore providers, switching {{KeyStore.getInstance("JKS")}} to {{KeyStore.getInstance(provider)}} fixes the issue for SafeNet "Luna" and SunPKCS11 "PKCS11" KeyStore implementations while not breaking the "PKCS12" and "JKS" cases. > See [https://github.com/wildfly/wildfly-core/blob/master/domain-management/src...] > Log output: > {noformat} > 2016-04-04 18:53:51,100 i-4b6f79d1 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.server.controller.management.security_realm.test.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.test.key-manager: JBAS015229: Unable to start service > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:148) > at org.jboss.as.domain.management.security.FileKeyManagerService.start(FileKeyManagerService.java:119) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60] > Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded > at sun.security.provider.KeyProtector.protect(KeyProtector.java:174) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56) [rt.jar:1.8.0_60] > at java.security.KeyStoreSpi.engineSetEntry(KeyStoreSpi.java:537) [rt.jar:1.8.0_60] > at sun.security.provider.KeyStoreDelegator.engineSetEntry(KeyStoreDelegator.java:179) [rt.jar:1.8.0_60] > at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetEntry(JavaKeyStore.java:70) [rt.jar:1.8.0_60] > at java.security.KeyStore.setEntry(KeyStore.java:1557) [rt.jar:1.8.0_60] > at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:136) > ... 6 more > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ELY-178) Domain to domain identity propagation

by Farah Juma (JIRA)

[ https://issues.jboss.org/browse/ELY-178?page=com.atlassian.jira.plugin.sy... ] Farah Juma updated ELY-178: --------------------------- Git Pull Request: https://github.com/wildfly-security/wildfly-elytron/pull/396, https://github.com/wildfly-security/wildfly-elytron/pull/400 (was: https://github.com/wildfly-security/wildfly-elytron/pull/396) > Domain to domain identity propagation > ------------------------------------- > > Key: ELY-178 > URL: https://issues.jboss.org/browse/ELY-178 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Realms > Reporter: Darran Lofthouse > Assignee: Farah Juma > Fix For: 1.1.0.CR1 > > > At the lowest level a users identity is associated with a single SecurityRealm, two accounts that authenticated against different realms will never be considered equal. > However on top of this we have the security domains, a security domain amongst other things is an aggregation of realms. Incoming server connections and also applications can be associated with a security domain. However we still have the following two scenarios of a call to complete the consideration for: - > Connection -> Deployment > Deployment -> Deployment > In the first case the connection may be associated with a security domain with a large set of realms, however the deployment may be associated with a smaller set of realms. In the case that the realm is in both of these domains we need the identity to be able to automatically propagate. > Same for deployment to deployment calls, if there is a common realm the identity should propagate. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-1465) LogContexts are not removed for ear subdeployments

by James Perkins (JIRA)

James Perkins created WFCORE-1465: ------------------------------------- Summary: LogContexts are not removed for ear subdeployments Key: WFCORE-1465 URL: https://issues.jboss.org/browse/WFCORE-1465 Project: WildFly Core Issue Type: Bug Components: Logging Affects Versions: 2.1.0.Final Reporter: Aaron Ogburn Assignee: Aaron Ogburn If an ear does not have its own LogContext created, but a subdeployment in it does, the subdeployment never has its LogContext cleaned up upon undeploy, leading to PermGen leaks. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-1464) LogContexts are not removed for ear subdeployments

by James Perkins (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1464?page=com.atlassian.jira.plugi... ] James Perkins reassigned WFCORE-1464: ------------------------------------- Assignee: Aaron Ogburn (was: James Perkins) > LogContexts are not removed for ear subdeployments > -------------------------------------------------- > > Key: WFCORE-1464 > URL: https://issues.jboss.org/browse/WFCORE-1464 > Project: WildFly Core > Issue Type: Bug > Components: Logging > Affects Versions: 2.1.0.Final > Reporter: Aaron Ogburn > Assignee: Aaron Ogburn > Attachments: app.ear > > > If an ear does not have its own LogContext created, but a subdeployment in it does, the subdeployment never has its LogContext cleaned up upon undeploy, leading to PermGen leaks. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2016