[JBoss JIRA] (WFLY-7986) Add some exclusions to the 'org.wildfly.extension.elytron' module.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7986?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7986:
-----------------------------------
Priority: Critical (was: Major)
> Add some exclusions to the 'org.wildfly.extension.elytron' module.
> ------------------------------------------------------------------
>
> Key: WFLY-7986
> URL: https://issues.jboss.org/browse/WFLY-7986
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 11.0.0.Alpha1
>
>
> Likely to be something like: -
> {{
> <exports>
> <exclude path="org/wildfly/extension/elytron/ElytronExtension"/>
> <exclude path="org/wildfly/extension/elytron/_private"/>
> <exclude path="org/wildfly/extension/elytron/capabilities"/>
> </exports>
> }}
> Although capabilities also needs to be double checked, this may be moved and hidden using standard Java visibility modifiers.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFLY-7986) Add some exclusions to the 'org.wildfly.extension.elytron' module.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7986?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7986:
-----------------------------------
Description:
Likely to be something like: -
bq. <exports>
bq. <exclude path="org/wildfly/extension/elytron/ElytronExtension"/>
bq. <exclude path="org/wildfly/extension/elytron/_private"/>
bq. <exclude path="org/wildfly/extension/elytron/capabilities"/>
bq. </exports>
Although capabilities also needs to be double checked, this may be moved and hidden using standard Java visibility modifiers.
was:
Likely to be something like: -
{{
<exports>
<exclude path="org/wildfly/extension/elytron/ElytronExtension"/>
<exclude path="org/wildfly/extension/elytron/_private"/>
<exclude path="org/wildfly/extension/elytron/capabilities"/>
</exports>
}}
Although capabilities also needs to be double checked, this may be moved and hidden using standard Java visibility modifiers.
> Add some exclusions to the 'org.wildfly.extension.elytron' module.
> ------------------------------------------------------------------
>
> Key: WFLY-7986
> URL: https://issues.jboss.org/browse/WFLY-7986
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 11.0.0.Alpha1
>
>
> Likely to be something like: -
> bq. <exports>
> bq. <exclude path="org/wildfly/extension/elytron/ElytronExtension"/>
> bq. <exclude path="org/wildfly/extension/elytron/_private"/>
> bq. <exclude path="org/wildfly/extension/elytron/capabilities"/>
> bq. </exports>
> Although capabilities also needs to be double checked, this may be moved and hidden using standard Java visibility modifiers.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFLY-7986) Add some exclusions to the 'org.wildfly.extension.elytron' module.
by Darran Lofthouse (JIRA)
Darran Lofthouse created WFLY-7986:
--------------------------------------
Summary: Add some exclusions to the 'org.wildfly.extension.elytron' module.
Key: WFLY-7986
URL: https://issues.jboss.org/browse/WFLY-7986
Project: WildFly
Issue Type: Task
Components: Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 11.0.0.Alpha1
Likely to be something like: -
{{
<exports>
<exclude path="org/wildfly/extension/elytron/ElytronExtension"/>
<exclude path="org/wildfly/extension/elytron/_private"/>
<exclude path="org/wildfly/extension/elytron/capabilities"/>
</exports>
}}
Although capabilities also needs to be double checked, this may be moved and hidden using standard Java visibility modifiers.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFLY-5932) Invalidating a session of an SSO on a different node than where the session was created does not logout the user
by Paul Ferraro (JIRA)
[ https://issues.jboss.org/browse/WFLY-5932?page=com.atlassian.jira.plugin.... ]
Paul Ferraro reopened WFLY-5932:
--------------------------------
Reopening per downstream.
> Invalidating a session of an SSO on a different node than where the session was created does not logout the user
> ----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-5932
> URL: https://issues.jboss.org/browse/WFLY-5932
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 10.0.0.CR5
> Reporter: Richard Janík
> Assignee: Paul Ferraro
> Priority: Blocker
> Fix For: 10.1.0.CR1, 10.1.0.Final
>
>
> See steps to reproduce for description. Additional scenario with a failover where we don't need to authenticate with the last request (but where we should be required to authenticate):
> * Access A1, authenticate, fail A1 (e.g. shutdown the server), access A2, invalidate session on A2, access A2
> Scenarios where the SSO context is destroyed (where we need to authenticate with the last request as expected):
> * Access A1, authenticate, invalidate session on A1, access A1
> * Access A1, authenticate, access A2, invalidate session on A1, access A1
> Possibly related to JBEAP-1228, JBEAP-1282. Note that we always only have a single session bound to an SSO. I'm not flagging this as a blocker, since the issue usually doesn't manifest thanks to sticky sessions on a load balancer.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFLY-5932) Invalidating a session of an SSO on a different node than where the session was created does not logout the user
by Paul Ferraro (JIRA)
[ https://issues.jboss.org/browse/WFLY-5932?page=com.atlassian.jira.plugin.... ]
Paul Ferraro reassigned WFLY-5932:
----------------------------------
Assignee: Paul Ferraro (was: Stuart Douglas)
> Invalidating a session of an SSO on a different node than where the session was created does not logout the user
> ----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-5932
> URL: https://issues.jboss.org/browse/WFLY-5932
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 10.0.0.CR5
> Reporter: Richard Janík
> Assignee: Paul Ferraro
> Priority: Blocker
> Fix For: 10.1.0.CR1, 10.1.0.Final
>
>
> See steps to reproduce for description. Additional scenario with a failover where we don't need to authenticate with the last request (but where we should be required to authenticate):
> * Access A1, authenticate, fail A1 (e.g. shutdown the server), access A2, invalidate session on A2, access A2
> Scenarios where the SSO context is destroyed (where we need to authenticate with the last request as expected):
> * Access A1, authenticate, invalidate session on A1, access A1
> * Access A1, authenticate, access A2, invalidate session on A1, access A1
> Possibly related to JBEAP-1228, JBEAP-1282. Note that we always only have a single session bound to an SSO. I'm not flagging this as a blocker, since the issue usually doesn't manifest thanks to sticky sessions on a load balancer.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months