[JBoss JIRA] (WFCORE-2295) org.jboss.as.domain-management does not permit non-JKS file keystore
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2295?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2295:
-------------------------------------
Component/s: Security
> org.jboss.as.domain-management does not permit non-JKS file keystore
> --------------------------------------------------------------------
>
> Key: WFCORE-2295
> URL: https://issues.jboss.org/browse/WFCORE-2295
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Environment: Java 1.8.0_121, EAP 6.4.13
> Reporter: Rich Lucente
> Assignee: Brian Stansberry
> Labels: eap, fips, management, security
> Attachments: ProviderFileKeyManagerService.java, ProviderFileKeystore.java, ProviderFileTrustManagerService.java, SecurityRealmAddHandler.java
>
>
> org.jboss.as.domain-management subsystem only enables users to specify either a `provider` attribute or a `keystore-path` attribute but not both. Users wishing to use a FIPS 140-2 certified provider are limited to the SunPKCS11 provider on RHEL. Non-JKS JCE providers that require an alternative provider with a keystore-path cannot be configured to secure the management interface.
> With the recent FIPS 140-2 certification of pure Java open source cryptographic modules, government customers seek to secure EAP on multiple operating systems using FIPS certified JCE providers. These same customers must use Common Criteria certified software and follow DISA security technical implementation guidelines (http://iase.disa.mil/stigs/app-security/app-servers/Pages/jboss.aspx). Currently, EAP 6 is the only option to meet both of those conditions.
> The attached files incorporate changes to the org.jboss.as.domain.management.security package to enable the use of file-based keystores that rely on alternative JCE providers and that do not use JKS formatted keystores.
> This configuration with the Bouncy Castle pure Java FIPS 140-2 certified provider and the attached software changes enable securing the management interface:
> {noformat}
> ...
> <security-realm name="ManagementRealmHTTPS">
> <server-identities>
> <ssl protocol="TLS">
> <engine enabled-cipher-suites="SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1 TLSv1.1 TLSv1.2"/>
> <keystore provider="BCFKS" path="vault/vault.bcfks" relative-to="jboss.home.dir" keystore-password="admin1jboss_" alias="jbossweb" key-password="admin1jboss_"/>
> </ssl>
> </server-identities>
> <authentication>
> <properties path="https-mgmt-users.properties" relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
> ...
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
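The combination the issue describes as unsupported is a file-based keystore of a non-JKS type opened through an explicitly named JCE provider. The following is an added illustration of that combination in plain JCA terms; it is not WildFly code and not the attached patch. It assumes the FIPS provider is already registered (for example in java.security) under the name "BCFIPS", that "BCFKS" is its keystore type (the value the issue's keystore `provider` attribute carries), and that the alias and passwords are supplied by the caller.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;

/** Loads a file-based keystore through a named JCE provider (added illustration, not WildFly code). */
public final class ProviderFileKeystoreLoader {

    private ProviderFileKeystoreLoader() {}

    /**
     * @param type         keystore type, e.g. "BCFKS" (assumed Bouncy Castle FIPS keystore type)
     * @param providerName registered JCE provider name, e.g. "BCFIPS" (assumed), or null to let the
     *                     JCA pick the first provider that supports the type
     * @param path         keystore file on disk; this is the attribute the issue could not combine
     *                     with a provider
     */
    public static KeyStore load(String type, String providerName, String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks;
        if (providerName == null) {
            ks = KeyStore.getInstance(type);
        } else {
            // Fail at configuration time with a clear message rather than deep inside TLS startup.
            Provider p = Security.getProvider(providerName);
            if (p == null) {
                throw new GeneralSecurityException("JCE provider not registered: " + providerName);
            }
            ks = KeyStore.getInstance(type, p);
        }
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Builds the KeyManagerFactory a TLS engine needs, after checking the alias holds a private key. */
    public static KeyManagerFactory keyManagers(KeyStore ks, String alias, char[] keyPassword)
            throws GeneralSecurityException {
        if (!ks.isKeyEntry(alias)) {
            throw new GeneralSecurityException("alias '" + alias + "' is not a key entry in the keystore");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        return kmf;
    }
}
```

Calling `load("BCFKS", "BCFIPS", "vault/vault.bcfks", password)` followed by `keyManagers(ks, "jbossweb", keyPassword)` mirrors the keystore element in the configuration above; a missing provider or a wrong alias is reported before any listener is opened.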
[JBoss JIRA] (WFCORE-2295) org.jboss.as.domain-management does not permit non-JKS file keystore
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2295?page=com.atlassian.jira.plugi... ]
Brian Stansberry moved JBEAP-8829 to WFCORE-2295:
-------------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2295 (was: JBEAP-8829)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management
(was: Domain Management)
Affects Version/s: (was: 6.4.0.GA)
> org.jboss.as.domain-management does not permit non-JKS file keystore
> --------------------------------------------------------------------
>
> Key: WFCORE-2295
> URL: https://issues.jboss.org/browse/WFCORE-2295
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Environment: Java 1.8.0_121, EAP 6.4.13
> Reporter: Rich Lucente
> Assignee: Brian Stansberry
> Labels: eap, fips, management, security
> Attachments: ProviderFileKeyManagerService.java, ProviderFileKeystore.java, ProviderFileTrustManagerService.java, SecurityRealmAddHandler.java
[JBoss JIRA] (WFCORE-976) Deployment fails with missing/unavailable dependencies
by Thomas Diesler (JIRA)
[ https://issues.jboss.org/browse/WFCORE-976?page=com.atlassian.jira.plugin... ]
Thomas Diesler resolved WFCORE-976.
-----------------------------------
Resolution: Out of Date
> Deployment fails with missing/unavailable dependencies
> ------------------------------------------------------
>
> Key: WFCORE-976
> URL: https://issues.jboss.org/browse/WFCORE-976
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Thomas Diesler
> Assignee: Brian Stansberry
>
> Our testsuite bootstraps the server and then waits for the native management interface to become available on 8181
> A subsequent deployment (intermittently) fails with
> {code}
> domain-master> [Host Controller] 05:09:40,678 INFO [org.jboss.as.repository] (management-handler-thread - 2) JBAS014900: Content added at location /opt/jboss/wildfly/domain/data/content/ef/3743938a6b38a2ae473f12778fef7ad0ce464c/content
> domain-slave> [Server:server-one] 05:09:41,654 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 5) JBAS014613: Operation ("deploy") failed - address: ([("deployment" => "domain-endpoint.war")]) - failure description: {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.deployment.unit.\"domain-endpoint.war\" is missing [jboss.deployment.chains]"]}
> {code}
> There seems to be a missing guarantee that allows the management endpoint to answer deployment requests when the deployment chain services are not up.
> CrossLink: https://github.com/wildfly-extras/wildfly-camel/issues/175
[JBoss JIRA] (HAWKULARQE-35) Manual Testcases - Create and Run
by Hayk Hovsepyan (JIRA)
Hayk Hovsepyan created HAWKULARQE-35:
----------------------------------------
Summary: Manual Testcases - Create and Run
Key: HAWKULARQE-35
URL: https://issues.jboss.org/browse/HAWKULARQE-35
Project: Hawkular QE
Issue Type: Sub-task
Reporter: Hayk Hovsepyan
Assignee: mfoley user
Priority: Critical
Add new provider with SSL and check that provider is added successfully and inventory is loaded.
[JBoss JIRA] (HAWKULARQE-34) Automation Testcase
by Hayk Hovsepyan (JIRA)
Hayk Hovsepyan created HAWKULARQE-34:
----------------------------------------
Summary: Automation Testcase
Key: HAWKULARQE-34
URL: https://issues.jboss.org/browse/HAWKULARQE-34
Project: Hawkular QE
Issue Type: Sub-task
Reporter: Hayk Hovsepyan
Assignee: mfoley user
Priority: Critical
Smoke automation test to add new middleware provider with SSL and check that inventory is loaded.