February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-728) The map backing SimpleMapBackedSecurityRealm should be an identity map not a password map.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-728?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-728: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > The map backing SimpleMapBackedSecurityRealm should be an identity map not a password map. > ------------------------------------------------------------------------------------------ > > Key: ELY-728 > URL: https://issues.jboss.org/browse/ELY-728 > Project: WildFly Elytron > Issue Type: Task > Components: API / SPI, Realms > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.0.0.Beta26 > > > This realm is useful in cases where we need an identity to exist where the mechanism has performed validation without requiring access to credentials. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-726) Default Mechanism Ordering Implementation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-726?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-726: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > Default Mechanism Ordering Implementation > ----------------------------------------- > > Key: ELY-726 > URL: https://issues.jboss.org/browse/ELY-726 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.0.0.Beta26 > > > We have to have some form of mechanism ordering anyway to get silent mechanisms to the front of the queue. > SaslMechanismInformation may need some updates but we have plenty of information about the mechanisms so we should be able to put together a reasonable documented ordering. > Stronger mechanisms that can complete without interaction with the client can be pulled up the list as they can quickly silently fail where AuthenticationClient does not have enough information to handle them. This set probably includes JBOSS_LOCAL_USER, EXTERNAL, GSSAPI, GS2, and the token mechs. > For username / password mechanisms we can ensure PLAIN goes last. > Of the CRAM, Digest, and SCRAM set I would suggest first order by digest algorithm and then SCRAM -> Digest -> CRAM. > There will be the opportunity for plenty of discussions on is X really better than Y but I think a reasonable default implementation that is documented will be much better than today's current random ordering. Once filtering has been applied to take into account things like available credentials in the realms etc. > I would expect most lists to be very small, maybe some silent mechs a token mech and one or two username / password mechs depending on consistency of an identity store. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-722) Move callback handler interactions to a common base class for HTTP mechanisms, .

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-722?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-722: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > Move callback handler interactions to a common base class for HTTP mechanisms,. > ------------------------------------------------------------------------------- > > Key: ELY-722 > URL: https://issues.jboss.org/browse/ELY-722 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.0.0.Beta26 > > > This is to follow a similar pattern as is used for the SASL mechanisms. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-887) AuthenticationContext IPv6 Address Handling

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-887?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-887: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > AuthenticationContext IPv6 Address Handling > ------------------------------------------- > > Key: ELY-887 > URL: https://issues.jboss.org/browse/ELY-887 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Priority: Blocker > Fix For: 1.0.0.Beta26 > > > Within authentication client we need to ensure we are handling IPv6 addresses correctly. > Especially considering an equivalent IPv6 address can have more than one String representation. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-873) AuthenticationClient testing without jboss-modules

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-873?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-873: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > AuthenticationClient testing without jboss-modules > -------------------------------------------------- > > Key: ELY-873 > URL: https://issues.jboss.org/browse/ELY-873 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client, Testsuite > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.0.0.Beta26 > > > Keeping AuthenticationClient usable without a dependency on JBoss Modules is the kind of thing that will be easy to break. > We should probably have a matrix of tests verifying AuthenticationClient anyway, we should then repeat the tests without JBoss Modules on the ClassPath. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-861) Role assignment not possible for "anonymous" identity

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-861?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-861: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > Role assignment not possible for "anonymous" identity > ----------------------------------------------------- > > Key: ELY-861 > URL: https://issues.jboss.org/browse/ELY-861 > Project: WildFly Elytron > Issue Type: Bug > Components: API / SPI > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.0.0.Beta26 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-854) OAuth2SaslServer is missing authorization and mechanism information

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-854?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-854: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > OAuth2SaslServer is missing authorization and mechanism information > ------------------------------------------------------------------- > > Key: ELY-854 > URL: https://issues.jboss.org/browse/ELY-854 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Affects Versions: 1.1.0.Beta18 > Reporter: Pedro Igor > Assignee: Pedro Igor > Fix For: 1.0.0.Beta26 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-853) OAuth2CredentialSource must handle BearerTokenCredential only

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-853?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-853: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > OAuth2CredentialSource must handle BearerTokenCredential only > ------------------------------------------------------------- > > Key: ELY-853 > URL: https://issues.jboss.org/browse/ELY-853 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Affects Versions: 1.1.0.Beta18 > Reporter: Pedro Igor > Assignee: Pedro Igor > Fix For: 1.0.0.Beta26 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-849) Rename setMechanismProperties to setSaslMechanismProperties

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-849?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-849: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > Rename setMechanismProperties to setSaslMechanismProperties > ----------------------------------------------------------- > > Key: ELY-849 > URL: https://issues.jboss.org/browse/ELY-849 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.0.0.Beta26 > > > If we later add HTTP mechanisms we have no way to differentiate between HTTP and SASL mechanism properties. > We could probably share properties and rely on protocol matching in the MatchRule but as a single AuthenticationConfiguration will support both HTTP and SASL I think independent properties will be required. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-838) Ability to obtain SecurityIdentity without requiring LoginPermission

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-838?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-838: --------------------------------- Fix Version/s: 1.0.0.Beta26 (was: 1.1.0.Beta25) > Ability to obtain SecurityIdentity without requiring LoginPermission > -------------------------------------------------------------------- > > Key: ELY-838 > URL: https://issues.jboss.org/browse/ELY-838 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.0.0.Beta26 > > > Integrations such as the batch subsystem within WildFly have the requirement to re-create a previous SecurityIdentity by name using their referenced SecurityDomain, however as this identity may have been inflowed the LoginPermission can not be assumed. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017