January 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-7158) Working with multiple keys in key store

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-7158?page=com.atlassian.jira.plugin.... ] Jan Kalina reopened WFLY-7158: ------------------------------ > Working with multiple keys in key store > --------------------------------------- > > Key: WFLY-7158 > URL: https://issues.jboss.org/browse/WFLY-7158 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Jan Kalina > Priority: Critical > Fix For: 11.0.0.Alpha1 > > > In case when 2 keys are present in keystore, then alias-filter (filtering into single key) on key-store resource has to be specified, otherwise key-manager can't be created. If user want to use keystore with multiple keys, user has to configure multiple key-store elements with specified alias-filter (filtering into single key). > That is pretty inconvinient. Probably introducing *alias attribute on key-manager* would be more intuitive solution to this situation. > {code} > /subsystem=elytron/key-managers=server:add(key-store=server,algorithm="SunX509",password=key-password) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7653) Validate session-timeout and maximum-session-cache-size to be non-negative

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7653?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-7653: ----------------------------------- Fix Version/s: 11.0.0.Alpha1 > Validate session-timeout and maximum-session-cache-size to be non-negative > -------------------------------------------------------------------------- > > Key: WFLY-7653 > URL: https://issues.jboss.org/browse/WFLY-7653 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > Labels: user_experience > Fix For: 11.0.0.Alpha1 > > > Negative values are invalid in this case because they do not make sense for these attributes. Also java throws IllegalArgumentException, when they get negative values on that place. [1] > Please add validation to limit these values to zero and positive values in: > * model > * XSD > That applies for both: > * client-ssl-context > * server-ssl-context > [1] http://www.ibm.com/support/knowledgecenter/SSVHEW_6.2.0/com.ibm.rcp.dee.j... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7653) Validate session-timeout and maximum-session-cache-size to be non-negative

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7653?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-7653: ----------------------------------- Affects Version/s: (was: 11.0.0.Alpha1) > Validate session-timeout and maximum-session-cache-size to be non-negative > -------------------------------------------------------------------------- > > Key: WFLY-7653 > URL: https://issues.jboss.org/browse/WFLY-7653 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > Labels: user_experience > > Negative values are invalid in this case because they do not make sense for these attributes. Also java throws IllegalArgumentException, when they get negative values on that place. [1] > Please add validation to limit these values to zero and positive values in: > * model > * XSD > That applies for both: > * client-ssl-context > * server-ssl-context > [1] http://www.ibm.com/support/knowledgecenter/SSVHEW_6.2.0/com.ibm.rcp.dee.j... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2156) CredentialReference marshalling not work with PersistentResourceXMLDescription parser

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2156?page=com.atlassian.jira.plugi... ] Jan Kalina closed WFCORE-2156. ------------------------------ Resolution: Duplicate Issue > CredentialReference marshalling not work with PersistentResourceXMLDescription parser > ------------------------------------------------------------------------------------- > > Key: WFCORE-2156 > URL: https://issues.jboss.org/browse/WFCORE-2156 > Project: WildFly Core > Issue Type: Bug > Reporter: Jan Kalina > Assignee: Jan Kalina > Priority: Blocker > > In *org.jboss.as.controller.security.CredentialReference.credentialReferenceAttributeMarshaller()* the *marshallAsElement* method expect *credential-reference* as second param, but standard marshaller (PersistentResourceXMLDescription) puts its parent into this param. > It cause that PersistentResourceXMLDescription marshaller cannot be used for marshalling objects with CredentialReference attribute. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7158) Working with multiple keys in key store

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-7158?page=com.atlassian.jira.plugin.... ] Martin Choma commented on WFLY-7158: ------------------------------------ So this should be left opened until credential reference will be able to return keys from keystore. > Working with multiple keys in key store > --------------------------------------- > > Key: WFLY-7158 > URL: https://issues.jboss.org/browse/WFLY-7158 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Jan Kalina > Priority: Critical > Fix For: 11.0.0.Alpha1 > > > In case when 2 keys are present in keystore, then alias-filter (filtering into single key) on key-store resource has to be specified, otherwise key-manager can't be created. If user want to use keystore with multiple keys, user has to configure multiple key-store elements with specified alias-filter (filtering into single key). > That is pretty inconvinient. Probably introducing *alias attribute on key-manager* would be more intuitive solution to this situation. > {code} > /subsystem=elytron/key-managers=server:add(key-store=server,algorithm="SunX509",password=key-password) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7575) Elytron mechanism-provider-filtering-sasl-server-factory cannot be added without filters attribute in CLI

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7575?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-7575: ----------------------------------- Fix Version/s: 11.0.0.Alpha1 > Elytron mechanism-provider-filtering-sasl-server-factory cannot be added without filters attribute in CLI > --------------------------------------------------------------------------------------------------------- > > Key: WFLY-7575 > URL: https://issues.jboss.org/browse/WFLY-7575 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Ilia Vassilev > Fix For: 11.0.0.Alpha1 > > > Adding {{mechanism-provider-filtering-sasl-server-factory}} without {{filters}} attribute through CLI causes IllegalArgumentException. Exception is not thrown when {{filters}} attribute is used. > It has to be decided whether: > * {{filters}} should be required, then its nillable should be changed to false and related part of XSD should not include {{minOccurs="0"}} > * {{filters}} should not be required, then {{mechanism-provider-filtering-sasl-server-factory}} must be able to be added without {{filters}} attribute - no exception should occur and {{mechanism-provider-filtering-sasl-server-factory}} should be stored in configuration > Exception in server log: > {code} > ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 6) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("mechanism-provider-filtering-sasl-server-factory" => "factory") > ]): java.lang.IllegalArgumentException > at org.jboss.dmr.ModelValue.asList(ModelValue.java:143) > at org.jboss.dmr.ModelNode.asList(ModelNode.java:1389) > at org.wildfly.extension.elytron.SaslServerDefinitions$4.installService(SaslServerDefinitions.java:362) > at org.wildfly.extension.elytron.SaslServerDefinitions$SaslServerAddHandler.performRuntime(SaslServerDefinitions.java:470) > at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337) > at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151) > at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:921) > at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:664) > at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:383) > at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1364) > at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:416) > at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:237) > at org.wildfly.security.auth.client.PeerIdentity.runAsAll(PeerIdentity.java:431) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:206) > at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:237) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:217) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:137) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:161) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157) > at org.wildfly.security.auth.client.PeerIdentity.runAsAll(PeerIdentity.java:464) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:225) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:185) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:157) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > at org.jboss.threads.JBossThread.run(JBossThread.java:320) > {code} > This issue is caused by fix of JBEAP-6381. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7575) Elytron mechanism-provider-filtering-sasl-server-factory cannot be added without filters attribute in CLI

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7575?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-7575: ----------------------------------- Affects Version/s: (was: 11.0.0.Alpha1) > Elytron mechanism-provider-filtering-sasl-server-factory cannot be added without filters attribute in CLI > --------------------------------------------------------------------------------------------------------- > > Key: WFLY-7575 > URL: https://issues.jboss.org/browse/WFLY-7575 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Ilia Vassilev > Fix For: 11.0.0.Alpha1 > > > Adding {{mechanism-provider-filtering-sasl-server-factory}} without {{filters}} attribute through CLI causes IllegalArgumentException. Exception is not thrown when {{filters}} attribute is used. > It has to be decided whether: > * {{filters}} should be required, then its nillable should be changed to false and related part of XSD should not include {{minOccurs="0"}} > * {{filters}} should not be required, then {{mechanism-provider-filtering-sasl-server-factory}} must be able to be added without {{filters}} attribute - no exception should occur and {{mechanism-provider-filtering-sasl-server-factory}} should be stored in configuration > Exception in server log: > {code} > ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 6) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("mechanism-provider-filtering-sasl-server-factory" => "factory") > ]): java.lang.IllegalArgumentException > at org.jboss.dmr.ModelValue.asList(ModelValue.java:143) > at org.jboss.dmr.ModelNode.asList(ModelNode.java:1389) > at org.wildfly.extension.elytron.SaslServerDefinitions$4.installService(SaslServerDefinitions.java:362) > at org.wildfly.extension.elytron.SaslServerDefinitions$SaslServerAddHandler.performRuntime(SaslServerDefinitions.java:470) > at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337) > at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151) > at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:921) > at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:664) > at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:383) > at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1364) > at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:416) > at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:237) > at org.wildfly.security.auth.client.PeerIdentity.runAsAll(PeerIdentity.java:431) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:206) > at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:237) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:217) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:137) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:161) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157) > at org.wildfly.security.auth.client.PeerIdentity.runAsAll(PeerIdentity.java:464) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:225) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:185) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:157) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > at org.jboss.threads.JBossThread.run(JBossThread.java:320) > {code} > This issue is caused by fix of JBEAP-6381. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7939) There isn't possibility log in to management web console as user which was dynamically added after EAP was started.

by Hynek Švábek (JIRA)

Hynek Švábek created WFLY-7939: ---------------------------------- Summary: There isn't possibility log in to management web console as user which was dynamically added after EAP was started. Key: WFLY-7939 URL: https://issues.jboss.org/browse/WFLY-7939 Project: WildFly Issue Type: Bug Components: Security Reporter: Hynek Švábek Assignee: Darran Lofthouse I am not able to log in to management web console as user which was dynamically added after EAP was started. *Scenario:* * EAP is running - *standalone.sh -c=standalone-elytron.xml* * add user through script *add-user.sh -u john -p password1! -s* * log in to management web console as user *john* *Result:* * It doesn't work until restart When we use Picketbox then it works fine. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7938) Broken logout from Web console when is used Elytron subsystem

by Hynek Švábek (JIRA)

Hynek Švábek created WFLY-7938: ---------------------------------- Summary: Broken logout from Web console when is used Elytron subsystem Key: WFLY-7938 URL: https://issues.jboss.org/browse/WFLY-7938 Project: WildFly Issue Type: Bug Components: Web Console, Security Reporter: Hynek Švábek Assignee: Harald Pehl Priority: Critical When we use EAP with Elytron (standalone-elytron.xml configuration file) we aren't able to logout from Web console. With PicketBox is everything ok. *How to reproduce* * start EAP *standalone.sh -c=standalone-elytron.xml* * log in to Web console on http://localhost:9990 * invoke logout You will get this url http://localhost:9990/logout {code} 404 - Not Found {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7936) The RunAs annotation doesn't work in servlets with Elytron

by Josef Cacek (JIRA)

[ https://issues.jboss.org/browse/WFLY-7936?page=com.atlassian.jira.plugin.... ] Josef Cacek commented on WFLY-7936: ----------------------------------- Reproducer sources are in the AS testsuite: https://github.com/wildfly/wildfly/tree/10.1.0.Final/testsuite/integratio... > The RunAs annotation doesn't work in servlets with Elytron > ---------------------------------------------------------- > > Key: WFLY-7936 > URL: https://issues.jboss.org/browse/WFLY-7936 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Darran Lofthouse > Priority: Blocker > Attachments: servlet-runas.war > > > The {{(a)javax.annotation.security.RunAs}} doesn't work in servlets when Elytron is used. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2017