[JBoss JIRA] (WFLY-7449) Wrong description of Elytron configurable-http-server-mechanism-factory in management model
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7449?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7449:
-----------------------------------
Summary: Wrong description of Elytron configurable-http-server-mechanism-factory in management model (was: Wrong description of Elytron configurable-http-server-mechanism-factory in CLI)
> Wrong description of Elytron configurable-http-server-mechanism-factory in management model
> -------------------------------------------------------------------------------------------
>
> Key: WFLY-7449
> URL: https://issues.jboss.org/browse/WFLY-7449
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> Description of {{configurable-http-server-mechanism-factory}} resource is incorrectly copied from {{aggregate-sasl-server-factory}}. It said "description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFLY-7450) Wrong documentation of Elytron configurable-http-server-mechanism-factory properties element in XSD
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7450?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7450:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Wrong documentation of Elytron configurable-http-server-mechanism-factory properties element in XSD
> ---------------------------------------------------------------------------------------------------
>
> Key: WFLY-7450
> URL: https://issues.jboss.org/browse/WFLY-7450
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> Documentation of element {{properties}} for {{configurable-http-server-mechanism-factory}} (httpServerMechanismFactoryType) in wildfly-elytron_1_0.xsd says: "Additional properties that should be passed to the factor for SASL mechanism detection and creation.". However, it should be HTTP mechanism instead of SASL. There is also a typo, "factor"; it should be "factory".
--
[JBoss JIRA] (WFLY-7462) Do not log common CLI failures for Elytron to server log
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7462?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7462:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Do not log common CLI failures for Elytron to server log
> --------------------------------------------------------
>
> Key: WFLY-7462
> URL: https://issues.jboss.org/browse/WFLY-7462
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> Almost every common CLI command failure from Elytron subsystem is logged as ERROR to server log. For example this means:
> * trying to add duplicate service -> ERROR in server log
> * missing required attribute of any resource attribute in CLI command -> ERROR in server log
> * missing capability -> ERROR in server log
> * ...
> Some reasons why these logs should not be logged to server log:
> * Adding useless messages to server log.
> * This is inconsistent with other subsystems (e.g. PicketBox). It can be confusing.
> These common CLI command failures should be removed from the log, or logged on low level (i.e. DEBUG)
--
[JBoss JIRA] (WFLY-7455) Confusing attribute named http-server-factories in Elytron aggregate-http-server-mechanism-factory
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7455?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7455:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Confusing attribute named http-server-factories in Elytron aggregate-http-server-mechanism-factory
> --------------------------------------------------------------------------------------------------
>
> Key: WFLY-7455
> URL: https://issues.jboss.org/browse/WFLY-7455
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> Elytron {{aggregate-http-server-mechanism-factory}} includes an attribute named {{http-server-factories}} which refers to the {{org.wildfly.security.http-server-mechanism-factory}} capability. The name of this attribute should be changed from {{http-server-factories}} to {{http-server-mechanism-factories}} because:
> * it should be consistent with other Elytron resources which use the name {{http-server-mechanism-factory}}
> * it can be confusing, since {{http-server-factories}} seems as if it may also refer to some {{org.wildfly.security.http-authentication-factory}}
--
[JBoss JIRA] (WFLY-7472) Elytron key/trust-manager-factory default algorithm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7472?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7472:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Elytron key/trust-manager-factory default algorithm
> ---------------------------------------------------
>
> Key: WFLY-7472
> URL: https://issues.jboss.org/browse/WFLY-7472
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> {{key-manager-factory}} and {{trust-manager-factory}} require the user to specify an algorithm.
> Consider defaulting in Elytron code to {{TrustManagerFactory.getDefaultAlgorithm()}} and {{KeyManagerFactory.getDefaultAlgorithm()}}.
> It is Java-portable, as for Oracle Java it returns SunX509 and for IBM Java IbmX509.
> This JIRA is in scope of "user experience", minimizing necessary user input configuration.
> David: "The trust manager definitely should use the default algorithm when none is given; in this case the algorithm name isn't an "algorithm" per se, it's just an implementation name."
--
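The defaulting proposed in WFLY-7472, as an added example that is not Elytron code: an absent algorithm falls back to the JVM's own default, and a configured name that the JVM does not provide is reported together with the names that are installed. The class name, the helper names and the `configured` parameter (standing for the optional algorithm attribute) are assumptions made for this illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

public class ManagerFactoryDefaults {

    // Hypothetical helper: 'configured' is the optional algorithm attribute value.
    static String resolve(String configured, String jvmDefault) {
        boolean absent = configured == null || configured.trim().isEmpty();
        return absent ? jvmDefault : configured.trim();
    }

    // Names the installed providers for 'service', so a non-portable setting
    // (for example a vendor-specific name) is easy to spot in the message.
    static NoSuchAlgorithmException unavailable(String service, String alg, Exception cause) {
        return new NoSuchAlgorithmException(service + " algorithm '" + alg
                + "' is not available on this JVM; installed: "
                + Security.getAlgorithms(service), cause);
    }

    static KeyManagerFactory keyManagerFactory(String configured) throws NoSuchAlgorithmException {
        String alg = resolve(configured, KeyManagerFactory.getDefaultAlgorithm());
        try {
            return KeyManagerFactory.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            throw unavailable("KeyManagerFactory", alg, e);
        }
    }

    static TrustManagerFactory trustManagerFactory(String configured) throws NoSuchAlgorithmException {
        String alg = resolve(configured, TrustManagerFactory.getDefaultAlgorithm());
        try {
            return TrustManagerFactory.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            throw unavailable("TrustManagerFactory", alg, e);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("key manager:   " + keyManagerFactory(null).getAlgorithm());
        System.out.println("trust manager: " + trustManagerFactory("").getAlgorithm());
        try {
            keyManagerFactory("NoSuchX509"); // constructed name that no provider registers
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e.getMessage());
        }
    }
}
```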
[JBoss JIRA] (WFLY-7475) Complicated failure-descriptions in Elytron simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7475?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7475:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Complicated failure-descriptions in Elytron simple-permission-mapper
> --------------------------------------------------------------------
>
> Key: WFLY-7475
> URL: https://issues.jboss.org/browse/WFLY-7475
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> There are complicated failure-descriptions in Elytron simple-permission-mapper. They include some details from exceptions which are not needed and can be confusing for non-Java administrators. Please handle these exceptions and provide some user-friendly failure-description.
> Examples of complicated failure-description in simple-permission-mapper:
> * Wrong name of permission class:
> {code}
> /subsystem=elytron/simple-permission-mapper=mapper:add(permission-mappings=[{permissions=[{action=read,class-name=org.wildfly.security.auth.permission.WrongLoginPermission,target-name=someName}]}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.mapper: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [org.wildfly.security.auth.permission.WrongLoginPermission].
> Caused by: org.wildfly.security.permission.InvalidPermissionClassException: ELY03015: Could not load permission class \"org.wildfly.security.auth.permission.WrongLoginPermission\"
> Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.permission.WrongLoginPermission from [Module \"org.wildfly.extension.elytron:main\" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/olukas/workspace/uxcli/jboss-eap-7.1/modules,/home/olukas/workspace/uxcli/jboss-eap-7.1/modules/system/layers/base))]"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.mapper"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> * Adding permission, but a non-existing module is used:
> {code}
> /subsystem=elytron/simple-permission-mapper=mapper:add(permission-mappings=[{permissions=[{action=read,class-name=org.wildfly.security.auth.permission.LoginPermission,target-name=someName,module=some.nonexist.module}]}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.mapper: org.jboss.modules.ModuleNotFoundException: some.nonexist.module:main
> Caused by: org.jboss.modules.ModuleNotFoundException: some.nonexist.module:main"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.mapper"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> Suggestion for improvement:
> * use only description of failure, e.g. something like "module a.b.c. does not exist"
> * do not use any unneeded information - e.g. "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
--
[JBoss JIRA] (WFLY-7479) Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7479?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7479:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7479
> URL: https://issues.jboss.org/browse/WFLY-7479
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 11.0.0.Alpha1
>
>
> Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
> *How to reproduce*
> Prepare credential store file (the easiest way is create credential store from scratch)
> /subsystem=elytron/credential-store=cs_pass123:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=cs_pass123/alias=dbPass:add(secret-value=passwordToDB)
> Then I try to create Credential store with wrong key password to existing store file.
> /subsystem=elytron/credential-store=cs_wrong_key_pass:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;key.password=pass456")
> *I can see this result:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store-client.cs_wrong_key_pass" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store-client.cs_wrong_key_pass: WFLYELY00004: Unable to start the service.
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09506: Cannot read credential storage file '/home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/ks-pass123.jceks' for the store named 'cs_wrong_key_pass'
> Caused by: java.security.UnrecoverableKeyException: Given final block not properly padded"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.cs_wrong_key_pass"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> failure-description must not contain Exception or snippet stacktrace.
> Description like that "Password for credential store key is incorrect."
--
[JBoss JIRA] (WFLY-7478) Definition Credential Store with non-existent storage file causes ugly failure-description with Exception.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7478?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7478:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Definition Credential Store with non-existent storage file causes ugly failure-description with Exception.
> ----------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7478
> URL: https://issues.jboss.org/browse/WFLY-7478
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 11.0.0.Alpha1
>
>
> Definition Credential Store with non-existent storage file causes ugly failure-description with Exception.
> When I define Credential Store for non-existent JCEKS file
> {code}
> /subsystem=elytron/credential-store=cs_not_found_exception:add(uri="cr-store://test/cs/keystore-non-existent.jceks?store.password=pass123")
> {code}
> then I got very ugly failure description
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store-client.cs_not_found_exception" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store-client.cs_not_found_exception: WFLYELY00004: Unable to start the service.
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09506: Cannot read credential storage file '/home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/keystore-not_exists.jceks' for the store named 'cs_not_found_exception'
> Caused by: java.io.FileNotFoundException: /home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/keystore-not_exists.jceks (No such file or directory)"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.cs_not_found_exception"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> failure-description must not contain Exception or snippet stacktrace.
> Description like that "Credential store file XYZ doesn't exist."
--
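The mapping that WFLY-7478 and WFLY-7479 ask for, as an added example that is not Elytron code: the cause chain is walked once, known causes become a one-line description without exception class names or absolute paths, and the full chain goes to the server log at a low level. The class name, the `describe` helper, the logger name and the sample path are assumptions; the exception chains in `main` are constructed to mirror the nesting shown in the two reports.

```java
import java.io.FileNotFoundException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.UnrecoverableKeyException;
import java.util.logging.Level;
import java.util.logging.Logger;

public class FailureDescriptions {
    private static final Logger LOG = Logger.getLogger("example.credential-store");

    // Hypothetical helper: reduce an exception chain to a short failure-description.
    static String describe(String storeName, String storagePath, Throwable failure) {
        // Details stay available to the server operator, but only at a low log level.
        LOG.log(Level.FINE, "credential store '" + storeName + "' failed to start", failure);
        // Only the file name is returned to the management client, not the server path.
        String file = Paths.get(storagePath).getFileName().toString();
        for (Throwable t = failure; t != null; t = t.getCause()) {
            if (t instanceof FileNotFoundException) {
                return "Credential store file '" + file + "' doesn't exist.";
            }
            if (t instanceof UnrecoverableKeyException) {
                return "Password for credential store key is incorrect.";
            }
        }
        return "Credential store '" + storeName + "' could not be started; see the server log.";
    }

    public static void main(String[] args) {
        String path = "/opt/example/data/cs/ks-pass123.jceks"; // constructed sample path
        Throwable missingFile = new IllegalStateException("Unable to start the service.",
                new GeneralSecurityException("Cannot read credential storage file",
                        new FileNotFoundException(path + " (No such file or directory)")));
        Throwable wrongKeyPassword = new IllegalStateException("Unable to start the service.",
                new GeneralSecurityException("Cannot read credential storage file",
                        new UnrecoverableKeyException("Given final block not properly padded")));
        Throwable unknown = new IllegalStateException("Unable to start the service.");

        System.out.println(describe("cs_not_found_exception", path, missingFile));
        System.out.println(describe("cs_wrong_key_pass", path, wrongKeyPassword));
        System.out.println(describe("cs_other", path, unknown));
    }
}
```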