July 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-252) Take into account username after failed authentication for available mechs

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-252?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-252: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > Take into account username after failed authentication for available mechs > -------------------------------------------------------------------------- > > Key: ELY-252 > URL: https://issues.jboss.org/browse/ELY-252 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > This is something we would need to be cautious about as it does risk revealing information to an attacker but after a files attempt we may have more information and be able to offer mechanisms based on this. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-298) load-from/uri keystore xsd/parser mismatch

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-298?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-298: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > load-from/uri keystore xsd/parser mismatch > ------------------------------------------ > > Key: ELY-298 > URL: https://issues.jboss.org/browse/ELY-298 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Reporter: Kabir Khan > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > The xsd has > {code} > <xsd:complexType name="key-store-type"> > <xsd:sequence minOccurs="1" maxOccurs="1"> >  > <xsd:choice minOccurs="1" maxOccurs="1"> > <xsd:element name="file" type="name-type" minOccurs="1" maxOccurs="1"/> > <xsd:element name="load-from" type="uri-type" minOccurs="1" maxOccurs="1"/> > <xsd:element name="resource" type="name-type" minOccurs="1" maxOccurs="1"/> > {code} > The parser seems to look for 'uri' rather than 'load-from' -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-293) Add file based auth to http management interface

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-293?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-293: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > Add file based auth to http management interface > ------------------------------------------------ > > Key: ELY-293 > URL: https://issues.jboss.org/browse/ELY-293 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Max Rydahl Andersen > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > usecase: allow clients using http api to use the file based auth so they do not have to rely on the binary protocol and remoting. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-286) HTTP Digest Authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-286?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-286: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > HTTP Digest Authentication > -------------------------- > > Key: ELY-286 > URL: https://issues.jboss.org/browse/ELY-286 > Project: WildFly Elytron > Issue Type: Sub-task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > Original Digest RFC [https://tools.ietf.org/html/rfc2069] > Current Digest RFC [https://tools.ietf.org/html/rfc2617] > HTTP 1.1 Authentication (Updates RFC2617) [https://tools.ietf.org/html/rfc7235] > Draft currently under discussion - [https://datatracker.ietf.org/doc/draft-ietf-httpauth-digest/] > RFC7616 Now Proposed Standard > "HTTP Digest Access Authentication", September 2015 > [https://www.rfc-editor.org/info/rfc7616] -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-279) Support CORS

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-279?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-279: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > Support CORS > ------------ > > Key: ELY-279 > URL: https://issues.jboss.org/browse/ELY-279 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > This is something that can possibly be tied in around the HTTP authentication framework meaning that the control of this can live in the HTTP authentication policy within Elytron rather than at the front end. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-262) The equivalent of wrap and unwrap for HTTP authentication mechanisms

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-262?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-262: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > The equivalent of wrap and unwrap for HTTP authentication mechanisms > -------------------------------------------------------------------- > > Key: ELY-262 > URL: https://issues.jboss.org/browse/ELY-262 > Project: WildFly Elytron > Issue Type: Sub-task > Components: HTTP > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-261) Rework (and move) UsernamePasswordHashUtil

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-261?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-261: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > Rework (and move) UsernamePasswordHashUtil > ------------------------------------------ > > Key: ELY-261 > URL: https://issues.jboss.org/browse/ELY-261 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI, Passwords > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > Firstly this class is not really SASL specific so should be in a general util package. > Secondly we now have password specs and a PasswordFactory - if this class still has a future then maybe it should be using those instead of it's own custom implementation. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-428) HTTP Mechanism configuration during deployment

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-428?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-428: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > HTTP Mechanism configuration during deployment > ---------------------------------------------- > > Key: ELY-428 > URL: https://issues.jboss.org/browse/ELY-428 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Affects Versions: 1.0.2.Final > Reporter: Pedro Igor > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta8 > > > It should be possible to configure a HTTP mechanism during deployment in order to parse/load configuration and reuse it in subsequent requests to an application. > The most common use case for that is around mechanisms that need to read some configuration from inside a deployment (or provided by the mech config) when it is being deployed to the server. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-422) Default SSLContext?

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-422?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-422: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > Default SSLContext? > ------------------- > > Key: ELY-422 > URL: https://issues.jboss.org/browse/ELY-422 > Project: WildFly Elytron > Issue Type: Task > Components: SSL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > We know we want one, what we don't know is exactly that it means and is it an Elytron concern or subsystem concern. > One issue is within Elytron our SSLContext implementations are either server side specific or client side specific - we may even want to review if there is any way to review what it is being used for and act accordingly. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-398) Authorization decisions for identity manipulation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-398?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-398: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 1.1.0.Beta7) > Authorization decisions for identity manipulation > ------------------------------------------------- > > Key: ELY-398 > URL: https://issues.jboss.org/browse/ELY-398 > Project: WildFly Elytron > Issue Type: Task > Components: Realms > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta8 > > > We need to ensure we have appropriate permissions checks in place where one identity is manipulating another identity. > It is possible the subsystem will take a lot of the responsibility but lets start here with an issue. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2016