[JBoss JIRA] (WFLY-9477) Cannot create two hosts with unspecified default web module in Undertow
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFLY-9477?page=com.atlassian.jira.plugin.... ]
Tomaz Cerar moved JBEAP-13612 to WFLY-9477:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9477 (was: JBEAP-13612)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Web (Undertow)
(was: User Experience)
(was: Web (Undertow))
Affects Version/s: 11.0.0.Final
(was: 7.1.0.DR7)
> Cannot create two hosts with unspecified default web module in Undertow
> -----------------------------------------------------------------------
>
> Key: WFLY-9477
> URL: https://issues.jboss.org/browse/WFLY-9477
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 11.0.0.Final
> Reporter: Tomaz Cerar
> Assignee: Tomaz Cerar
> Priority: Minor
>
> As a user, I cannot create two hosts with unspecified default web module. Currently the default-web-module is checked only for uniqueness and by default there is defined ROOT.war, which by default doesn't exist. Current behavior is that in case of non existing module defined by default-web-module, when accessing the root context ('/'), the content defined as part of welcome-file handler is provided.
> As a user I should not be forced to put random values to avoid duplicity check, when I don't want to have set default-web-module. As such the default-web-module should have undefined default which could be checked and avoided failures due duplicates as there are in reality none.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-991) SASL Digest client handles callbacks incorrectly
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-991?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina reassigned ELY-991:
------------------------------
Assignee: Jan Kalina
> SASL Digest client handles callbacks incorrectly
> ------------------------------------------------
>
> Key: ELY-991
> URL: https://issues.jboss.org/browse/ELY-991
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms, SASL
> Reporter: David Lloyd
> Assignee: Jan Kalina
>
> Right now the SASL digest client handles callbacks like this:
> * If a realm choice is available use RealmChoiceCallback to get it, and fail if it is not supported
> * Try to use RealmCallback+NameCallback+CredentialCallback (with digest password)
> * Try to use RealmCallback+NameCallback+CredentialCallback (with two-way password)
> * Try to use RealmCallback+NameCallback+PasswordCallback
> This is a problem because RealmChoiceCallback should not be required, and if it was supported, RealmCallback is not needed. It's basically OK to retry realm selection and name selection if the credential was unsupported.
> The logic should probably be more like this:
> * Try to use <a realm callback>+NameCallback+CredentialCallback (with digest password)
> ** First try with RealmChoiceCallback if there is a choice
> ** Then try with RealmCallback if RealmChoiceCallback is unsupported
> ** If there is no default realm, fail
> ** Otherwise try with no realm callback and use the default realm
> * Try to use <a realm callback>+NameCallback+CredentialCallback (with two-way password)
> ** First try with RealmChoiceCallback if it was not eliminated above and there is a choice
> ** Then try RealmCallback if it was not eliminated above
> ** If there is no default realm, fail
> ** Otherwise try with no realm callback and use the default realm
> * Try to use <a realm callback>+NameCallback+PasswordCallback
> ** First try with RealmChoiceCallback if it was not eliminated above and there is a choice
> ** Then try RealmCallback if it was not eliminated above
> ** If there is no default realm, fail
> ** Otherwise try with no realm callback and use the default realm
> This way we don't retry callbacks that don't work, and we don't fail if RealmCallback is not supported. If no user name or credential is given, then the attempt should be considered a failure and the next credential tried without eliminating any realm callbacks. If no realm is given then the attempt should be a failure without trying other realm callback options, because the callback is supported but there was no realm given (which is a programming error).
> If a user name or realm is given in an earlier stage, it should stay as the default for later stages.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-742) SASL client mechs should use javax.security.sasl.AuthenticationException where appropriate
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-742?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina reassigned ELY-742:
------------------------------
Fix Version/s: 1.1.0.Alpha1
Assignee: David Lloyd
Resolution: Done
> SASL client mechs should use javax.security.sasl.AuthenticationException where appropriate
> ------------------------------------------------------------------------------------------
>
> Key: ELY-742
> URL: https://issues.jboss.org/browse/ELY-742
> Project: WildFly Elytron
> Issue Type: Task
> Components: Authentication Mechanisms, SASL
> Reporter: David Lloyd
> Assignee: David Lloyd
> Priority: Minor
> Fix For: 1.1.0.Alpha1
>
>
> There is a specific exception type which indicates that a SASL authentication has failed as opposed to a protocol/transit or operational problem. We should use that whenever appropriate.
> This means we'd need to add a {{toSaslAuthenticationException()}} method to {{org.wildfly.security.mechanism.AuthenticationMechanismException}}.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months