January 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-1802) Integrate OpenSSL Provider registration with Elytron

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1802?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1802: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Integrate OpenSSL Provider registration with Elytron > ---------------------------------------------------- > > Key: WFCORE-1802 > URL: https://issues.jboss.org/browse/WFCORE-1802 > Project: WildFly Core > Issue Type: Task > Reporter: Stuart Douglas > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha18 > > > We need to remove the following block from SecurityRealmResourceDefinition: - > {code} > static { > //register the Openssl Provider, if possible > //not really sure if this is the best place for it > try { > OpenSSLProvider.register(); > DomainManagementLogger.ROOT_LOGGER.registeredOpenSSLProvider(); > } catch (Throwable t){ > DomainManagementLogger.ROOT_LOGGER.debugf(t, "Failed to register OpenSSL provider"); > } > } > {code} > Registration will then be possible within the Elytron subsystem configuration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1598) Conversion of Elytron SecurityIdentity to Subject for communication with older hosts.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1598?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1598: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Conversion of Elytron SecurityIdentity to Subject for communication with older hosts. > ------------------------------------------------------------------------------------- > > Key: WFCORE-1598 > URL: https://issues.jboss.org/browse/WFCORE-1598 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha18 > > > In the domain hierarchy clients trust the server they communicate with so this server currently sends a serialized representation of the Subject containing information about the user initiating the request. > For Elytron we will use the new identity propagation features however for older slaves we will need to convert to a Subject representation. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1955) Wrap Kerberos behaviour of legacy realms with Elytron components

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1955?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1955: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Wrap Kerberos behaviour of legacy realms with Elytron components > ---------------------------------------------------------------- > > Key: WFCORE-1955 > URL: https://issues.jboss.org/browse/WFCORE-1955 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha18 > > > An re-enable the following test: - > * org.jboss.as.test.integration.domain.KerberosServerIdentityTestCase -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1956) Audit logging post migration to WildFly Elytron

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1956?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1956: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Audit logging post migration to WildFly Elytron > ----------------------------------------------- > > Key: WFCORE-1956 > URL: https://issues.jboss.org/browse/WFCORE-1956 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha18 > > > Also re-enable the following test: - > * org.jboss.as.test.integration.domain.suites.AuditLogTestCase -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1944) Convert domain-management tests to reference Elytron SecurityRealm and remove old CallbackHandler code.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1944?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1944: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Convert domain-management tests to reference Elytron SecurityRealm and remove old CallbackHandler code. > ------------------------------------------------------------------------------------------------------- > > Key: WFCORE-1944 > URL: https://issues.jboss.org/browse/WFCORE-1944 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha18 > > > The important pieces of code within the legacy security realms are being wrapped using Elytron components, items like the legacy CallbackHandlers can be removed but existing tests need porting to call Elytron APIs. > The legacy tests do need to be retained as they offer a good level of regression testing for the legacy realms. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1964) Internal ModelControllerClient should bypass access control by default

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1964?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1964: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Internal ModelControllerClient should bypass access control by default > ---------------------------------------------------------------------- > > Key: WFCORE-1964 > URL: https://issues.jboss.org/browse/WFCORE-1964 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha18 > > > This is continuing compatibility where in-vm clients can perform actions without triggering management access control. > It would be nice also if we could find a way to make it possible to selectively disable this for cases where we want identity propagation between applications and the management tier. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1963) Clean up the 'TODO Elytron' issues.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1963?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1963: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Clean up the 'TODO Elytron' issues. > ----------------------------------- > > Key: WFCORE-1963 > URL: https://issues.jboss.org/browse/WFCORE-1963 > Project: WildFly Core > Issue Type: Task > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha18 > > > A few classes have 'TODO Elytron' comments that need addressing. > Current List: - > {noformat} > ./core-model-test/tests/src/test/java/org/jboss/as/core/model/test/access/RoleMappingTestCase.java > ./jmx/src/test/java/org/jboss/as/jmx/rbac/JmxRbacTestCase.java > ./remoting/subsystem/src/main/java/org/jboss/as/remoting/RemotingHttpUpgradeService.java > ./remoting/subsystem/src/main/java/org/jboss/as/remoting/AbstractStreamServerService.java > ./testsuite/standalone/src/test/java/org/wildfly/core/test/standalone/mgmt/api/core/ConfigurationChangesHistoryTestCase.java > ./host-controller/src/main/java/org/jboss/as/domain/controller/plan/AbstractServerGroupRolloutTask.java > ./controller/src/main/java/org/jboss/as/controller/remote/TransactionalProtocolOperationHandler.java > ./controller/src/main/java/org/jboss/as/controller/ParallelBootOperationStepHandler.java > ./controller/src/main/java/org/jboss/as/controller/access/management/ManagementSecurityIdentitySupplier.java > ./server/src/main/java/org/jboss/as/server/mgmt/domain/HostControllerConnectionService.java > ./domain-management/src/main/java/org/jboss/as/domain/management/security/UserDomainCallbackHandler.java > ./domain-management/src/main/java/org/jboss/as/domain/management/security/WhoAmIOperation.java > ./domain-management/src/main/java/org/jboss/as/domain/management/security/PlugInAuthenticationCallbackHandler.java > ./domain-management/src/main/java/org/jboss/as/domain/management/security/JaasCallbackHandler.java > ./domain-management/src/main/java/org/jboss/as/domain/management/security/KerberosCallbackHandler.java > ./domain-management/src/main/java/org/jboss/as/domain/management/security/ClientCertCallbackHandler.java > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1958) Clean up testsuite Elytron registration

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1958?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1958: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Clean up testsuite Elytron registration > --------------------------------------- > > Key: WFCORE-1958 > URL: https://issues.jboss.org/browse/WFCORE-1958 > Project: WildFly Core > Issue Type: Task > Components: Test Suite > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha18 > > > In a couple of places we have artificially registered the WildFly Elytron Security provider, we need to address this so tests can automatically have it available to them.. > Also re-enable the following test case: - > * org.jboss.as.test.integration.domain.suites.FullRbacProviderRunAsTestSuite -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2060) Support Elytron RoleMapper categories

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2060?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2060: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Support Elytron RoleMapper categories > ------------------------------------- > > Key: WFCORE-2060 > URL: https://issues.jboss.org/browse/WFCORE-2060 > Project: WildFly Core > Issue Type: Feature Request > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha18 > > > (Support for this could be added later, just scheduling in current releases for now if we have time) > The Elytron role mapping configuration can contain different mappers for different categories, this issue is to make use of categories for management role mapping. > We need to decide if we use hard coded names, some naming convention which is part hard coded, part based on deployment or a fully configurable category. > On the access=authorization resource this could simply be an optional String 'role-category' if we go for configured. Possibly a boolean to state if we fallback to the default RoleMapping on the domain. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2059) Deprecate management role mappings

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2059?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2059: ------------------------------- Fix Version/s: 3.0.0.Alpha18 (was: 3.0.0.Alpha17) > Deprecate management role mappings > ---------------------------------- > > Key: WFCORE-2059 > URL: https://issues.jboss.org/browse/WFCORE-2059 > Project: WildFly Core > Issue Type: Task > Components: Domain Management > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha18 > > > The Elytron SecurityDomain becomes the common point where policy information such as role mapping should be handled. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2017