January 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2025) CLI SSLContext Priority

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2025?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2025: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > CLI SSLContext Priority > ----------------------- > > Key: WFCORE-2025 > URL: https://issues.jboss.org/browse/WFCORE-2025 > Project: WildFly Core > Issue Type: Task > Components: CLI, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Alpha23 > > > We have three different places an SSLContext could come from for the CLI: - > # CLI Configuration > # AuthenticationClient Configuration > # Default interactive SSLContext > We need to ensure they are prioritised as above. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2016) Change sasl-authentication-factor for management auth works after reload, but not after server restart

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2016?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2016: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Change sasl-authentication-factor for management auth works after reload, but not after server restart > ------------------------------------------------------------------------------------------------------ > > Key: WFCORE-2016 > URL: https://issues.jboss.org/browse/WFCORE-2016 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Reporter: Zach Rhoads > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha23 > > > I can successfully configure a new sasl-authentication-factory and assign it to the management interface: > {code} > /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir) > /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add() > /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"}) > /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add-attribute(name=Roles, value=["Admin","Guest"]) > /subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles) > /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm,role-decoder=from-roles-attribute}],default-realm=exampleFsRealm,permission-mapper=login-permission-mapper) > /subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleSaslRealm}]}]) > /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth) > reload > {code} > after reload, i am forced to re-authenticate and it succeeds: > {code} > [standalone@localhost:9990 /] reload > Authenticating against security realm: exampleSaslRealm > Username: user1 > Password: > [standalone@localhost:9990 /] > {code} > Once i restart the server though and try to connect, i get a timeout: > {code} > $ ./jboss-cli.sh -c > Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out > {code} > It also fails if i force no local auth: > {code} > $ ./jboss-cli.sh -c --no-local-auth > Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out > {code}/ -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1965) Remove the jboss-logging-annotations dependency from the core feature pack.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1965?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1965: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Remove the jboss-logging-annotations dependency from the core feature pack. > --------------------------------------------------------------------------- > > Key: WFCORE-1965 > URL: https://issues.jboss.org/browse/WFCORE-1965 > Project: WildFly Core > Issue Type: Task > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Alpha23 > > > This was added inadvertently with some other changes: - > {noformat} > <dependency> > <groupId>org.jboss.logging</groupId> > <artifactId>jboss-logging-annotations</artifactId> > </dependency> > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2136) Using management CLI with client configuration still prompts for username/password

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2136?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2136: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Using management CLI with client configuration still prompts for username/password > ---------------------------------------------------------------------------------- > > Key: WFCORE-2136 > URL: https://issues.jboss.org/browse/WFCORE-2136 > Project: WildFly Core > Issue Type: Bug > Components: CLI, Security > Reporter: Zach Rhoads > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha23 > > > When configuring the wildfly management cli to use an elytron client config file, server still prompts for username password. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2115) Upgrade jboss-remoting to 5.0.0.Beta13

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2115?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2115: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Upgrade jboss-remoting to 5.0.0.Beta13 > -------------------------------------- > > Key: WFCORE-2115 > URL: https://issues.jboss.org/browse/WFCORE-2115 > Project: WildFly Core > Issue Type: Component Upgrade > Affects Versions: 3.0.0.Alpha15 > Reporter: Tomasz Adamski > Assignee: Tomasz Adamski > Fix For: 3.0.0.Alpha23 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2071) Properly handle unknown roles instead of throwing exception

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2071?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2071: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Properly handle unknown roles instead of throwing exception > ----------------------------------------------------------- > > Key: WFCORE-2071 > URL: https://issues.jboss.org/browse/WFCORE-2071 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Pedro Igor > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha23 > > > When mapping roles directly from the identity: > {code} > <access-control provider="rbac" use-identity-roles="true"/> > {code} > If the identity has a role that is not known, a {{UnknowRoleException}} is thrown. > Ideally, we should just ignore unknown roles. Or is there any reason for this check ? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2068) HTTPSConnectionWithCLITestCase and HTTPSManagementInterfaceTestCase Failing Due To Native Protocol Issue

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2068?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2068: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > HTTPSConnectionWithCLITestCase and HTTPSManagementInterfaceTestCase Failing Due To Native Protocol Issue > -------------------------------------------------------------------------------------------------------- > > Key: WFCORE-2068 > URL: https://issues.jboss.org/browse/WFCORE-2068 > Project: WildFly Core > Issue Type: Bug > Components: Remoting, Test Suite > Reporter: Darran Lofthouse > Assignee: Jean-Francois Denise > Priority: Blocker > Fix For: 3.0.0.Alpha23 > > > The listed test case is failing during clean up with the following error: - > {noformat} > java.io.IOException: java.io.IOException: WFLYPRT0054: Channel closed > at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:166) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:135) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:59) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:80) > {noformat} > The stage of the test using HTTP Upgrade over a HTTPS connection appears to be working fine, the issue is with the native management interface used for test clean up. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2059) Deprecate management role mappings

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2059?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2059: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Deprecate management role mappings > ---------------------------------- > > Key: WFCORE-2059 > URL: https://issues.jboss.org/browse/WFCORE-2059 > Project: WildFly Core > Issue Type: Task > Components: Domain Management > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Alpha23 > > > The Elytron SecurityDomain becomes the common point where policy information such as role mapping should be handled. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2163) Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2163?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2163: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface > --------------------------------------------------------------------------------------------------- > > Key: WFCORE-2163 > URL: https://issues.jboss.org/browse/WFCORE-2163 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Alpha23 > > > In case when legacy security-realm for SSL is used together with Elytron authentication in HTTP management interface then server is not started. > I am using following configuration for HTTP management interface (see Steps to Reproduce for more details): > {code} > <http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS"> > <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/> > <socket-binding http="management-http" https="management-https"/> > </http-interface> > {code} > Server is not started and following errors occur in log: > {code} > ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided. > at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225) > at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254) > at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107) > at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589) > at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292) > ... 5 more > {code} > and > {code} > ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "http-interface") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > } > ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "http-interface") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > } > {code} > According to comments in EAP7-545 Analysis document [1], when security-realm and http-authentication-factory are specified but no ssl-context is used then it should lead to use legacy security-realm for SSL configuration and http-authentication-factory for authentication. > [1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2224) Management issues on host after enabling RBAC

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2224?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2224: ------------------------------------- Fix Version/s: 3.0.0.Alpha23 (was: 3.0.0.Alpha21) > Management issues on host after enabling RBAC > --------------------------------------------- > > Key: WFCORE-2224 > URL: https://issues.jboss.org/browse/WFCORE-2224 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Alpha16 > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Alpha23 > > > When enabling RBAC ({{/core-service=management/access=authorization:write-attribute(name=provider, value=rbac)}}), it is not possible to add role mappings: > {code} > [domain@localhost:9990 /] /core-service=management/access=authorization/role-mapping=Maintainer:add() > { > "outcome" => "failed", > "result" => undefined, > "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => { > "server-one" => "WFLYCTL0216: Management resource '[ > (\"core-service\" => \"management\"), > (\"access\" => \"authorization\"), > (\"role-mapping\" => \"Maintainer\") > ]' not found", > "server-two" => "WFLYCTL0216: Management resource '[ > (\"core-service\" => \"management\"), > (\"access\" => \"authorization\"), > (\"role-mapping\" => \"Maintainer\") > ]' not found" > }}}}}}, > "rolled-back" => true, > "server-groups" => {"main-server-group" => {"host" => {"master" => { > "server-one" => {"response" => { > "outcome" => "failed", > "failure-description" => "WFLYCTL0216: Management resource '[ > (\"core-service\" => \"management\"), > (\"access\" => \"authorization\"), > (\"role-mapping\" => \"Maintainer\") > ]' not found", > "rolled-back" => true > }}, > "server-two" => {"response" => { > "outcome" => "failed", > "failure-description" => "WFLYCTL0216: Management resource '[ > (\"core-service\" => \"management\"), > (\"access\" => \"authorization\"), > (\"role-mapping\" => \"Maintainer\") > ]' not found", > "rolled-back" => true > }} > }}}} > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2017