February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-662) Eliminate CredentialStore interaction from within SASL mechanisms.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-662?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-662: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Eliminate CredentialStore interaction from within SASL mechanisms. > ------------------------------------------------------------------ > > Key: ELY-662 > URL: https://issues.jboss.org/browse/ELY-662 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Credential Store, SASL > Reporter: Darran Lofthouse > Assignee: Peter Skopek > Priority: Critical > Fix For: 1.1.0.Beta25 > > > The conversion between callbacks and credential store should be handled centrally within the callback handler and not within the mechanism. > This way all mechanisms can use the core integration including mechanisms that may not be Elytron aware just using standard Java callbacks. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-722) Move callback handler interactions to a common base class for HTTP mechanisms, .

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-722?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-722: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Move callback handler interactions to a common base class for HTTP mechanisms,. > ------------------------------------------------------------------------------- > > Key: ELY-722 > URL: https://issues.jboss.org/browse/ELY-722 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta25 > > > This is to follow a similar pattern as is used for the SASL mechanisms. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-681) Hide private packages from generated javadoc.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-681?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-681: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Hide private packages from generated javadoc. > --------------------------------------------- > > Key: ELY-681 > URL: https://issues.jboss.org/browse/ELY-681 > Project: WildFly Elytron > Issue Type: Task > Components: Build > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta25 > > > We may want two profiles so we can generate a full javadoc and a 'public' javadoc. > The 'public' javadoc should be the default one generated and should exclude the following packages: - > org.wildfly.security._private > org.wildfly.security.asn1 > org.wildfly.security.auth.realm > org.wildfly.security.auth.realm.* > org.wildfly.security.authz.jacc > org.wildfly.security.credential.store.impl > org.wildfly.security.security.digest > org.wildfly.security.http.impl > org.wildfly.security.security.keystore > org.wildfly.security.mechanism.oauth2 > org.wildfly.security.mechanism.scram > org.wildfly.security.password.impl > org.wildfly.security.password.util > org.wildfly.security.pem > org.wildfly.security.sasl > org.wildfly.security.sasl.* (Except util) > org.wildfly.security.util > org.wildfly.security.util_private > org.wildfly.security.x500 > org.wildfly.security.x500.cert -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-659) Make all mechanism implementations final

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-659?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-659: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Make all mechanism implementations final > ---------------------------------------- > > Key: ELY-659 > URL: https://issues.jboss.org/browse/ELY-659 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Mechanisms, HTTP, SASL > Reporter: David Lloyd > Priority: Critical > Fix For: 1.1.0.Beta25 > > > It is very important to make all the mechanism implementations final. Relatedly, they should have no protected members. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-728) The map backing SimpleMapBackedSecurityRealm should be an identity map not a password map.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-728?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-728: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > The map backing SimpleMapBackedSecurityRealm should be an identity map not a password map. > ------------------------------------------------------------------------------------------ > > Key: ELY-728 > URL: https://issues.jboss.org/browse/ELY-728 > Project: WildFly Elytron > Issue Type: Task > Components: API / SPI, Realms > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta25 > > > This realm is useful in cases where we need an identity to exist where the mechanism has performed validation without requiring access to credentials. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-726) Default Mechanism Ordering Implementation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-726?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-726: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Default Mechanism Ordering Implementation > ----------------------------------------- > > Key: ELY-726 > URL: https://issues.jboss.org/browse/ELY-726 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta25 > > > We have to have some form of mechanism ordering anyway to get silent mechanisms to the front of the queue. > SaslMechanismInformation may need some updates but we have plenty of information about the mechanisms so we should be able to put together a reasonable documented ordering. > Stronger mechanisms that can complete without interaction with the client can be pulled up the list as they can quickly silently fail where AuthenticationClient does not have enough information to handle them. This set probably includes JBOSS_LOCAL_USER, EXTERNAL, GSSAPI, GS2, and the token mechs. > For username / password mechanisms we can ensure PLAIN goes last. > Of the CRAM, Digest, and SCRAM set I would suggest first order by digest algorithm and then SCRAM -> Digest -> CRAM. > There will be the opportunity for plenty of discussions on is X really better than Y but I think a reasonable default implementation that is documented will be much better than today's current random ordering. Once filtering has been applied to take into account things like available credentials in the realms etc. > I would expect most lists to be very small, maybe some silent mechs a token mech and one or two username / password mechs depending on consistency of an identity store. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-621) Client Cert authentication trigger SSLSession renegotiation?

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-621?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-621: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Client Cert authentication trigger SSLSession renegotiation? > ------------------------------------------------------------ > > Key: ELY-621 > URL: https://issues.jboss.org/browse/ELY-621 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta25 > > > This could be an option to enable demanding client verification for an established connection but depending on the application being accessed. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-617) Review 'null' handling for MechanismConfiguration and MechanismRealmConfiguration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-617?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-617: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Review 'null' handling for MechanismConfiguration and MechanismRealmConfiguration > --------------------------------------------------------------------------------- > > Key: ELY-617 > URL: https://issues.jboss.org/browse/ELY-617 > Project: WildFly Elytron > Issue Type: Task > Components: API / SPI > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta25 > > > Javadoc states various NameRewriter instances will not be null, implementation suggests otherwise. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-822) Move MechanismConfiguration from SecurityFactory<Credential> to CredentialSource

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-822?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-822: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Move MechanismConfiguration from SecurityFactory<Credential> to CredentialSource > -------------------------------------------------------------------------------- > > Key: ELY-822 > URL: https://issues.jboss.org/browse/ELY-822 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta25 > > > This will make it consistent with client side configuration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-810) Unify CredentialStore around CredentialSource style storage capability

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-810?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-810: --------------------------------- Fix Version/s: 1.1.0.Beta25 (was: 1.1.0.Beta24) > Unify CredentialStore around CredentialSource style storage capability > ---------------------------------------------------------------------- > > Key: ELY-810 > URL: https://issues.jboss.org/browse/ELY-810 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta25 > > > The following needs to be done: > * Move the PB masked password format to a proper password type > * Introduce protection parameters for credential stores and entries > * Drop the admin_key concept in favor of credential store protection parameters > * Introduce a proper vault-compatible credential store > * Introduce a mechanism to pull protection parameters for stores from the client configuration > * Use a credential store which can store (nearly) any credential type > * Update XML accordingly > * Remove dangerous command execution patterns from credential store, make them safe and make them CredentialSources instead > * Clean up exception hierarchy of credential stores > * Introduce simple map-backed credential store > Additionally, the above implies: > * Introduce AlgorithmParameterSpi for password parameter types > * Introduce hashing ability for parameters > * Add missing parameter types for PBE > * Introduce serialization trickery to support picketbox class names for vault files > * Atomic file output stream > * Update tests as needed -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017