May 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-377) Add a SecurityFactory implementation to return a GSSCredential

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-377?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse commented on ELY-377: -------------------------------------- Either this issue or ELY-454 will be rejected as a duplicate as they both propose solutions for the same problem - will know shortly as I am writing the Kerberos integration for HTTP now. > Add a SecurityFactory implementation to return a GSSCredential > -------------------------------------------------------------- > > Key: ELY-377 > URL: https://issues.jboss.org/browse/ELY-377 > Project: WildFly Elytron > Issue Type: Task > Components: Utils > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > This task is for a simple implementation that uses a JAAS call and the GSSAPI APIs to authenticate and obtain the GSSCredential. > For completeness this utility should probably cover both the client side and server side use cases. > Delegation however may call for a slightly different implement for the client side when running in a server. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-508) A USERNAME HTTP authentication mechanism.

by Farah Juma (JIRA)

[ https://issues.jboss.org/browse/ELY-508?page=com.atlassian.jira.plugin.sy... ] Farah Juma reassigned ELY-508: ------------------------------ Assignee: Farah Juma > A USERNAME HTTP authentication mechanism. > ----------------------------------------- > > Key: ELY-508 > URL: https://issues.jboss.org/browse/ELY-508 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Farah Juma > Fix For: 2.0.0.Alpha1 > > > This is closely related to FORM authentication but to cover the case where we want to prompt for just a username first and once we know that the subsequent challenge can be customised. > The customisation may be by separate authentication mechanisms then able to offer their own specific FORM variant and perform their own validation. > As an example we may prompt one user for a password whilst prompt a different user for a password and a OTP, we could even use this to decide if we authenticate against a local realm with a credential or redirect via something like KeyCloak. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-509) Multi Step HTTP Authentication

by Farah Juma (JIRA)

[ https://issues.jboss.org/browse/ELY-509?page=com.atlassian.jira.plugin.sy... ] Farah Juma reassigned ELY-509: ------------------------------ Assignee: Farah Juma (was: Darran Lofthouse) > Multi Step HTTP Authentication > ------------------------------ > > Key: ELY-509 > URL: https://issues.jboss.org/browse/ELY-509 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Farah Juma > Fix For: 1.1.0.Beta7 > > > This is a variation of FORM authentication and closely related to ELY-508. > The scenario would be prompt for a username, then prompt for a password and if the password is valid and the account supports OTP prompt for the OTP. > The mechanism may also be responsible for sending the OTP but that is probably a side topic. > I have raised this in terms of being a HTTP mechanism but the main point we need to ensure is covered is the requirements about identifying what checks are required for a specific user and tracking they are all complete. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-538) Infinite loop in ElytronPermissionCollection.readResolve() method

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-538?page=com.atlassian.jira.plugin.sy... ] David Lloyd reassigned ELY-538: ------------------------------- Assignee: David Lloyd > Infinite loop in ElytronPermissionCollection.readResolve() method > ----------------------------------------------------------------- > > Key: ELY-538 > URL: https://issues.jboss.org/browse/ELY-538 > Project: WildFly Elytron > Issue Type: Bug > Components: Security Manager > Affects Versions: 1.1.0.Beta5 > Reporter: Ondrej Lukas > Assignee: David Lloyd > Labels: static_analysis > Fix For: 1.1.0.Beta7 > > > There is infinite loop in ElytronPermissionCollection.readResolve() on line 61 [1]. Variable {{bits}} is never changed in {{while}} cycle. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/ef67225884aa79b8... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-395) Undertow HTTPS listener offers no cipher suite for DEFAULT enabled-cipher-suites

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-395?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-395: --------------------------------- Fix Version/s: 1.1.0.Beta6 > Undertow HTTPS listener offers no cipher suite for DEFAULT enabled-cipher-suites > -------------------------------------------------------------------------------- > > Key: ELY-395 > URL: https://issues.jboss.org/browse/ELY-395 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.0.2.Final > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > No cipher suites are available for handshake with HTTPS Undertow listener. > According to OpenSSL documentation [1], cipher suites corresponding with ALL:!COMPLEMENTOFDEFAULT:!eNULL cipher string should be available for handshake. > According to Elytron documentation [2], cipher suites corresponding with ALL:!aNULL:!eNULL cipher string should be available for handshake. > [1] https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-STRINGS > [2] http://wildfly-security.github.io/wildfly-elytron/org/wildfly/security/ss... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1127) Google App Engine support: Do not call new Thread() by allowing to plug in a custom ThreadFactory

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1127?page=com.atlassian.jira.plugi... ] RH Bugzilla Integration commented on DROOLS-1127: ------------------------------------------------- Xiong Zhi Ming <zxiong(a)redhat.com> changed the Status of [bug 1329093|https://bugzilla-qe-05.host.stage.eng.rdu2.redhat.com/show_bug.cg...] from NEW to ASSIGNED > Google App Engine support: Do not call new Thread() by allowing to plug in a custom ThreadFactory > ------------------------------------------------------------------------------------------------- > > Key: DROOLS-1127 > URL: https://issues.jboss.org/browse/DROOLS-1127 > Project: Drools > Issue Type: Enhancement > Components: core engine > Reporter: Geoffrey De Smet > Assignee: Mario Fusco > Fix For: 7.0.0.Beta1 > > > Any code that does `new Thread()` on GAE throws an exception, because you can't create new threads yourself. > Other future cloud platforms might have a similar restriction. It should be possible to plug in a custom way of creating threads. > *Proposal A)* Add a kieBase configuration property to change the ThreadFactory > {code} > drools.threadFactory = com.user.project.GoogleAppEngineThreadFactory > {code} > *Proposal B)* Add a kieBase configuration property to change the ExecutorServiceFactory > {code} > drools.executorServiceFactory = com.user.project.ExecutorServiceFactory > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1125) Google App Engine support: ClassLoader.getSystemClassLoader() throws exception

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1125?page=com.atlassian.jira.plugi... ] RH Bugzilla Integration commented on DROOLS-1125: ------------------------------------------------- Xiong Zhi Ming <zxiong(a)redhat.com> changed the Status of [bug 1329093|https://bugzilla-qe-05.host.stage.eng.rdu2.redhat.com/show_bug.cg...] from NEW to ASSIGNED > Google App Engine support: ClassLoader.getSystemClassLoader() throws exception > ------------------------------------------------------------------------------ > > Key: DROOLS-1125 > URL: https://issues.jboss.org/browse/DROOLS-1125 > Project: Drools > Issue Type: Enhancement > Components: core engine > Reporter: Geoffrey De Smet > Assignee: Mario Fusco > Fix For: 7.0.0.Beta1 > > > Class org.kie.internal.utils.ChainedProperties > Every call to get the System Class Loader > confClassLoader = ClassLoader.getSystemClassLoader(); (i.e. lines 133, 169) > raises an exception. > Todo: figure out which particular exception. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-538) Infinite loop in ElytronPermissionCollection.readResolve() method

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-538?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-538: --------------------------------- Fix Version/s: 1.1.0.Beta7 > Infinite loop in ElytronPermissionCollection.readResolve() method > ----------------------------------------------------------------- > > Key: ELY-538 > URL: https://issues.jboss.org/browse/ELY-538 > Project: WildFly Elytron > Issue Type: Bug > Components: Security Manager > Affects Versions: 1.1.0.Beta5 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Labels: static_analysis > Fix For: 1.1.0.Beta7 > > > There is infinite loop in ElytronPermissionCollection.readResolve() on line 61 [1]. Variable {{bits}} is never changed in {{while}} cycle. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/ef67225884aa79b8... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-538) Infinite loop in ElytronPermissionCollection.readResolve() method

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-538?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-538: ------------------------------------ Assignee: (was: Darran Lofthouse) > Infinite loop in ElytronPermissionCollection.readResolve() method > ----------------------------------------------------------------- > > Key: ELY-538 > URL: https://issues.jboss.org/browse/ELY-538 > Project: WildFly Elytron > Issue Type: Bug > Components: Security Manager > Affects Versions: 1.1.0.Beta5 > Reporter: Ondrej Lukas > Labels: static_analysis > Fix For: 1.1.0.Beta7 > > > There is infinite loop in ElytronPermissionCollection.readResolve() on line 61 [1]. Variable {{bits}} is never changed in {{while}} cycle. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/ef67225884aa79b8... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-538) Infinite loop in ElytronPermissionCollection.readResolve() method

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-538?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-538: --------------------------------- Component/s: Security Manager > Infinite loop in ElytronPermissionCollection.readResolve() method > ----------------------------------------------------------------- > > Key: ELY-538 > URL: https://issues.jboss.org/browse/ELY-538 > Project: WildFly Elytron > Issue Type: Bug > Components: Security Manager > Affects Versions: 1.1.0.Beta5 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Labels: static_analysis > Fix For: 1.1.0.Beta7 > > > There is infinite loop in ElytronPermissionCollection.readResolve() on line 61 [1]. Variable {{bits}} is never changed in {{while}} cycle. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/ef67225884aa79b8... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

7 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira May 2016