April 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-6101) Removing of non-existent policy-module finishes with outcome success

by Bartosz Spyrko-Śmietanko (JIRA)

[ https://issues.jboss.org/browse/WFLY-6101?page=com.atlassian.jira.plugin.... ] Bartosz Spyrko-Śmietanko reassigned WFLY-6101: ---------------------------------------------- Assignee: Bartosz Spyrko-Śmietanko (was: Brian Stansberry) > Removing of non-existent policy-module finishes with outcome success > -------------------------------------------------------------------- > > Key: WFLY-6101 > URL: https://issues.jboss.org/browse/WFLY-6101 > Project: WildFly > Issue Type: Bug > Components: Domain Management, Security > Affects Versions: 10.0.0.Final > Reporter: Ondrej Lukas > Assignee: Bartosz Spyrko-Śmietanko > Priority: Minor > > In case when non-existent policy-module is removed through Management CLI, operation should finish with failure. However it finishes with outcome success and nothing is changed. It can be confusing since wrong command seems same as correct command. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-444) AuthorizationIdentity and PermissionMapper

by Pedro Igor (JIRA)

[ https://issues.jboss.org/browse/ELY-444?page=com.atlassian.jira.plugin.sy... ] Pedro Igor edited comment on ELY-444 at 4/29/16 8:08 AM: --------------------------------------------------------- Recently, I've been working on a Authorization API. I think we could review what I did and see if we can reuse something or how to adapt it to Elytron. If you find it useful. I think authorization can be completely decoupled from the authentication subsystem, where the concept of an Identity is abstract and simple enough to just provide the necessary information (basically, the claims/attributes) to evaluate authorization policies and grant/deny permissions. Beside the identity, we should also consider environment/execution information to base authorization decisions. In this case, it will allow us to support different access control mechanisms and combinations of them. An SPI should also be interesting in order to plug different Policy Providers, where we could define policies using different strategies. From simple RBAC to more complex policies using a script language. was (Author: pcraveiro): Recently, I've been working on a Authorization API. I think we could review what I did and see if we can reuse something or how to adapt it to Elytron. If you find it useful. I think authorization can be completely decoupled from the authentication subsystem, where the concept of an Identity is abstract and simple enough to just provide the necessary information to evaluate authorization policies and grant/deny permissions. Beside the identity, we should also consider environment/execution information to base authorization decisions. In this case, it will allow us to support different access control mechanisms and combinations of them. An SPI should also be interesting in order to plug different Policy Providers, where we could define policies using different strategies. From simple RBAC to more complex policies using a script language. > AuthorizationIdentity and PermissionMapper > ------------------------------------------ > > Key: ELY-444 > URL: https://issues.jboss.org/browse/ELY-444 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI, Realms > Reporter: David Lloyd > Fix For: 1.1.0.Beta6 > > > When we initially designed the PermissionMapper we went to certain lengths to avoid exposing details of the realm. But now as the API has evolved it is clear that the permission mapper will need access to more information. The AuthorizationIdentity (or perhaps another object which includes the AuthorizationIdentity) should be made available to the permission mapper. > In addition, this object could be expanded to include more information about the authentication, for example mechanism-specific information, which can feed into the authorization decision and could be useful for other things. Examples include: authentication timestamp, mechanism name/kind, forwarding credentials, and other attributes which derive from the mechanism as opposed to the identity. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-444) AuthorizationIdentity and PermissionMapper

by Pedro Igor (JIRA)

[ https://issues.jboss.org/browse/ELY-444?page=com.atlassian.jira.plugin.sy... ] Pedro Igor commented on ELY-444: -------------------------------- Recently, I've been working on a Authorization API. I think we could review what I did and see if we can reuse something or how to adapt it to Elytron. If you find it useful. I think authorization can be completely decoupled from the authentication subsystem, where the concept of an Identity is abstract and simple enough to just provide the necessary information to evaluate authorization policies and grant/deny permissions. Beside the identity, we should also consider environment/execution information to base authorization decisions. In this case, it will allow us to support different access control mechanisms and combinations of them. An SPI should also be interesting in order to plug different Policy Providers, where we could define policies using different strategies. From simple RBAC to more complex policies using a script language. > AuthorizationIdentity and PermissionMapper > ------------------------------------------ > > Key: ELY-444 > URL: https://issues.jboss.org/browse/ELY-444 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI, Realms > Reporter: David Lloyd > Fix For: 1.1.0.Beta6 > > > When we initially designed the PermissionMapper we went to certain lengths to avoid exposing details of the realm. But now as the API has evolved it is clear that the permission mapper will need access to more information. The AuthorizationIdentity (or perhaps another object which includes the AuthorizationIdentity) should be made available to the permission mapper. > In addition, this object could be expanded to include more information about the authentication, for example mechanism-specific information, which can feed into the authorization decision and could be useful for other things. Examples include: authentication timestamp, mechanism name/kind, forwarding credentials, and other attributes which derive from the mechanism as opposed to the identity. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1150) Problems found by FindBugs in drools-core

by Tibor Zimányi (JIRA)

Tibor Zimányi created DROOLS-1150: ------------------------------------- Summary: Problems found by FindBugs in drools-core Key: DROOLS-1150 URL: https://issues.jboss.org/browse/DROOLS-1150 Project: Drools Issue Type: Bug Affects Versions: 7.0.0.Final Reporter: Tibor Zimányi Assignee: Mario Fusco Attachments: findBugsDroolsCore.ods, FindBugsResult_4_29_16-drools-core.html I ran FindBugs analysis on drools-core module on master. There is 880 warnings in the report. So a pretty decent number. I picked some for start. See attachments. Also we should focus on concurrency warnings. You can find them in the report under "Multithreaded correctness Warnings" section. For better description of the warnings, you can install FindBugs-IDEA plugin and run the analysis in IDE. Each warning has some short description, sometimes with a link pointing to an article or more detailed info about the problem. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1119) Timers serialization not working with huge ids

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1119?page=com.atlassian.jira.plugi... ] RH Bugzilla Integration commented on DROOLS-1119: ------------------------------------------------- Marek Winkler <mwinkler(a)redhat.com> changed the Status of [bug 1326814|https://bugzilla.redhat.com/show_bug.cgi?id=1326814] from ON_QA to VERIFIED > Timers serialization not working with huge ids > ---------------------------------------------- > > Key: DROOLS-1119 > URL: https://issues.jboss.org/browse/DROOLS-1119 > Project: Drools > Issue Type: Bug > Reporter: Mario Fusco > Assignee: Mario Fusco > Fix For: 7.0.0.Final > > > Using huge ids for KieSessions corrupts timers serialization -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-416) Unable to add FileSystem realm when no relative-to attribute is provided

by Pedro Igor (JIRA)

[ https://issues.jboss.org/browse/ELY-416?page=com.atlassian.jira.plugin.sy... ] Pedro Igor reassigned ELY-416: ------------------------------ Assignee: Pedro Igor (was: Darran Lofthouse) > Unable to add FileSystem realm when no relative-to attribute is provided > ------------------------------------------------------------------------ > > Key: ELY-416 > URL: https://issues.jboss.org/browse/ELY-416 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Reporter: Josef Cacek > Assignee: Pedro Igor > > The {{FileSystemRealmDefinition}} doesn't handle correctly {{"relative-to"}} attribute when it's not provided. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-460) Add JWT local validation support to OAuth2 Security Realm

by Pedro Igor (JIRA)

[ https://issues.jboss.org/browse/ELY-460?page=com.atlassian.jira.plugin.sy... ] Pedro Igor commented on ELY-460: -------------------------------- [~dmlloyd], we can use {{BearerTokenEvidence}} for this. I can't think of any reason to have a specific evidence to make this happen. > Add JWT local validation support to OAuth2 Security Realm > --------------------------------------------------------- > > Key: ELY-460 > URL: https://issues.jboss.org/browse/ELY-460 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Realms > Affects Versions: 1.0.2.Final > Reporter: Pedro Igor > Assignee: Pedro Igor > > Currently the OAuth2 Security Realm is based on the a Token Introspection Endpoint at the AS to validate the token and create identities from it, which may be called remote validation. > However, we may want to perform a local validation of the token if the token is using JWT, which is a standard format. In this case, we don't need to call the server at all and we just validate the token locally based on the signature (JWS), expiration, audience and any other condition recommended by the specs. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1147) Incremental compilation with rules that use eval fails.

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1147?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1147: ---------------------------------- Affects Version/s: 6.4.0.Final > Incremental compilation with rules that use eval fails. > -------------------------------------------------------- > > Key: DROOLS-1147 > URL: https://issues.jboss.org/browse/DROOLS-1147 > Project: Drools > Issue Type: Bug > Affects Versions: 6.4.0.Final > Reporter: Tibor Zimányi > Assignee: Mario Fusco > > When using evals in rules, incremental compilation fails on various errors. See reproducer from PR [1]. There are at least 4 different failing stacktraces in the tests. > [1] https://github.com/droolsjbpm/drools/pull/760 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-484) Add JavaDoc for the 'org.wildfly.security.auth.realm' package and sub packages.

by Pedro Igor (JIRA)

[ https://issues.jboss.org/browse/ELY-484?page=com.atlassian.jira.plugin.sy... ] Pedro Igor reassigned ELY-484: ------------------------------ Assignee: Pedro Igor > Add JavaDoc for the 'org.wildfly.security.auth.realm' package and sub packages. > ------------------------------------------------------------------------------- > > Key: ELY-484 > URL: https://issues.jboss.org/browse/ELY-484 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Realms > Reporter: Darran Lofthouse > Assignee: Pedro Igor > Fix For: 1.1.0.Beta6 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3884) Integrate mod_cluster subsystem with Elytron security subsystem for SSL configuration

by Radoslav Husar (JIRA)

[ https://issues.jboss.org/browse/WFLY-3884?page=com.atlassian.jira.plugin.... ] Radoslav Husar commented on WFLY-3884: -------------------------------------- Update: Elytron still not ready for integration yet. > Integrate mod_cluster subsystem with Elytron security subsystem for SSL configuration > ------------------------------------------------------------------------------------- > > Key: WFLY-3884 > URL: https://issues.jboss.org/browse/WFLY-3884 > Project: WildFly > Issue Type: Feature Request > Components: Clustering > Affects Versions: 9.0.0.Alpha1 > Reporter: Paul Ferraro > Assignee: Radoslav Husar > Fix For: 11.0.0.CR1 > > > Currently, the SSL certificate configuration is embedded within the mod_cluster subsystem configuration. Ideally, mod_cluster would reference this configuration from the security subsystem. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2016