[JBoss JIRA] (WFLY-8202) CS tool, format Missing required option
by Ilia Vassilev (JIRA)
[ https://issues.jboss.org/browse/WFLY-8202?page=com.atlassian.jira.plugin.... ]
Ilia Vassilev reassigned WFLY-8202:
-----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
> CS tool, format Missing required option
> ---------------------------------------
>
> Key: WFLY-8202
> URL: https://issues.jboss.org/browse/WFLY-8202
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Ilia Vassilev
> Labels: credential-store, user_experience, wildfly-elytron-tool
>
> There is validation on required option.
> {code}
> [mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store
> Missing required option: [-a Add new alias to the credential store, -r Remove alias from the credential store, -e Check if alias exists within the credential store, -v Display all aliases, -h Get help with usage of this command][mchoma@localhost bin]$
> {code}
> However, it is a one-line message. I would prefer a multiline message for readability, as
> {code}
> [mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store
> Missing one of required options:
> -a Add new alias to the credential store,
> -r Remove alias from the credential store,
> -e Check if alias exists within the credential store,
> -v Display all aliases,
> -h Get help with usage of this command
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-1507) Expose the ModelController via a capability
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1507?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-1507:
------------------------------------------
This is partially complete via https://github.com/wildfly/wildfly-core/pull/2205. I'm not resolving it yet as I also want to break out the getNotificationRegistry() method, as that's valid for use by extensions while the rest of ModelController is not.
> Expose the ModelController via a capability
> -------------------------------------------
>
> Key: WFCORE-1507
> URL: https://issues.jboss.org/browse/WFCORE-1507
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
>
> A server installs ServerService while an HC installs DomainModelControllerService, under different service names but both of which implement Service<ModelController>. To make it easier for subsystems that want ModelController access to work on both a server and an HC, we should create a capability with service type ModelController and have both processes use it.
[JBoss JIRA] (WFLY-8252) HttpServletRequest.logout() doesn't work with Elytron
by Josef Cacek (JIRA)
Josef Cacek created WFLY-8252:
---------------------------------
Summary: HttpServletRequest.logout() doesn't work with Elytron
Key: WFLY-8252
URL: https://issues.jboss.org/browse/WFLY-8252
Project: WildFly
Issue Type: Bug
Components: Web (Undertow), Security
Reporter: Josef Cacek
Assignee: Stuart Douglas
Priority: Blocker
Calling {{HttpServletRequest.logout()}} leaves user logged in if Elytron security is used.
This means a security flaw, therefore setting priority to blocker.
[JBoss JIRA] (WFCORE-2292) HTTPS / Native Management protocol mismatch when using SSL
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2292?page=com.atlassian.jira.plugi... ]
Brian Stansberry edited comment on WFCORE-2292 at 2/27/17 3:44 PM:
-------------------------------------------------------------------
I'm rejecting the PR to get this issue in the correct state because at this stage the PR says Do not Merge.
was (Author: brian.stansberry):
I'm rejecting the PR to get this issue in the correct because at this stage the PR says Do not Merge.
> HTTPS / Native Management protocol mismatch when using SSL
> ----------------------------------------------------------
>
> Key: WFCORE-2292
> URL: https://issues.jboss.org/browse/WFCORE-2292
> Project: WildFly Core
> Issue Type: Bug
> Components: Server
> Reporter: Ken Wills
> Assignee: Ken Wills
>
> It looks like https://github.com/wildfly/wildfly-core/commit/77158040d82d74af33800fce88... may have introduced some sort of mismatch when trying to connect using SSL / TLS, the requested buffer size is quite large.
> 1:30:58,377 TRACE [org.xnio.nio.selector] (management Accept) Beginning select on sun.nio.ch.EPollSelectorImpl@2ab25536
> 11:30:58,377 TRACE [org.xnio.listener] (management I/O-1) Invoking listener org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@aca44ee on channel org.xnio.conduits.ConduitStreamSourceChannel@787e0a1f
> 11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) Not enough buffered bytes for message of size 369296128+4 (java.nio.DirectByteBuffer[pos=0 lim=135 cap=8192])
> ^^^^^^^
> 11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) Compacted existing buffer java.nio.DirectByteBuffer[pos=135 lim=8192 cap=8192]
> 11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) Received EOF
> 11:30:58,377 TRACE [org.jboss.remoting.remote] (management I/O-1) Received connection end-of-stream
> 11:30:58,377 TRACE [org.xnio.nio.selector] (management I/O-1) Beginning select on sun.nio.ch.EPollSelectorImpl@1cc4241b
> This was with native management, but I see the same thing using https. The client is jboss-cli.sh, connecting with:
> ./bin/jboss-cli.sh -c --controller=127.0.0.1:9999 --user=admin --password=password
> Relevant bits of config in use:
> {quote}
> <management>
>     <security-realms>
>         <security-realm name="sslSecurityRealm">
>             <server-identities>
>                 <ssl>
>                     <keystore path="/home/kwills/ssl/configuration/server.keystore" alias="server" keystore-password="asdasd"/>
>                 </ssl>
>             </server-identities>
>             <authentication>
>                 <properties path="/home/kwills/ssl/configuration/users.properties" plain-text="true"/>
>             </authentication>
>         </security-realm>
>     </security-realms>
>     <management-interfaces>
>         <native-interface security-realm="sslSecurityRealm">
>             <socket-binding native="native"/>
>         </native-interface>
>     </management-interfaces>
> </management>
> <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
>     <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
>     <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
>     <socket-binding name="native" interface="management" port="${jboss.management.https.port:9999}"/>
> </socket-binding-group>
> {quote}
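Added example, not part of the original issue or of WildFly's code: a triage helper for the "message of size N+4" trace quoted in WFCORE-2292. It assumes the reader took the first four bytes on the wire as a big-endian length prefix, reinterprets that number as bytes, and goes beyond the single case in the issue by also recognising HTTP and SSH prefixes; the function names and lookup tables are this example's own.

```python
import re
import struct

# Log line copied verbatim from the issue above (WFCORE-2292).
PAGE_LINE = (
    "11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) "
    "Not enough buffered bytes for message of size 369296128+4 "
    "(java.nio.DirectByteBuffer[pos=0 lim=135 cap=8192])"
)
SIZE_RE = re.compile(r"message of size (\d+)\+4 .*?lim=(\d+)")
TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}
TLS_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}
TEXT_PREFIXES = {b"GET ": "HTTP request", b"POST": "HTTP request",
                 b"HTTP": "HTTP response", b"SSH-": "SSH banner"}


def classify_length_prefix(size):
    """Reinterpret a bogus 32-bit big-endian length as the first 4 wire bytes."""
    if not 0 <= size <= 0xFFFFFFFF:
        return {"protocol": "unknown", "raw": None}
    raw = struct.pack(">I", size)
    ctype, major, minor, len_hi = raw
    # TLS record header: content type, version major/minor, 2-byte length.
    if ctype in TLS_TYPES and major == 3 and minor in TLS_VERSIONS:
        return {"protocol": "TLS", "content_type": TLS_TYPES[ctype],
                "record_version": TLS_VERSIONS[minor],
                "length_high_byte": len_hi, "raw": raw.hex()}
    if raw in TEXT_PREFIXES:
        return {"protocol": TEXT_PREFIXES[raw], "raw": raw.hex()}
    return {"protocol": "unknown", "raw": raw.hex()}


def triage(line):
    """Return a verdict for one log line, or None if it has no size message."""
    m = SIZE_RE.search(line)
    if m is None:
        return None
    size, buffered = int(m.group(1)), int(m.group(2))
    verdict = classify_length_prefix(size)
    verdict.update(claimed_size=size, buffered=buffered)
    if verdict["protocol"] == "TLS":
        # Assumption: the buffer holds exactly one complete TLS record
        # (5-byte header + body), so the body length is buffered - 5.
        body = buffered - 5
        verdict["length_consistent"] = (body >> 8) == verdict["length_high_byte"]
    return verdict


if __name__ == "__main__":
    print(triage(PAGE_LINE))
```

A TLS verdict on such a line means the bytes being parsed as a length-prefixed frame were a TLS record header, so the next thing to check is which end of the connection has TLS enabled for that port.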
[JBoss JIRA] (WFLY-8238) Unable to undefine credential-reference
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-8238?page=com.atlassian.jira.plugin.... ]
Martin Choma commented on WFLY-8238:
------------------------------------
[~thofman], will you take care globally, as in case of WFLY-8070 ?
> Unable to undefine credential-reference
> ---------------------------------------
>
> Key: WFLY-8238
> URL: https://issues.jboss.org/browse/WFLY-8238
> Project: WildFly
> Issue Type: Bug
> Components: JMS, Security
> Reporter: Claudio Miranda
> Assignee: Tomas Hofman
>
> A bridge is added and a credential-reference is set.
> However a "password" attribute cannot be set as the alternatives constraint validates the data, but the password attribute has a default value.
> Also, neither credential-reference nor password is required=true, so they may be undefined.
> {code}
> /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ)
> /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:write-attribute(name=credential-reference,value={clear-text=senha1})
> /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=credential-reference)
> {
> "outcome" => "failed",
> "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (credential-reference) can not been undefined as the resource does not define any alternative to this attribute."},
> "rolled-back" => true
> }
> {code}
> The same problem occurs when a user adds a bridge with a password and later wants to undefine it to add a credential-reference
> {code}
> /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ,password=senha1)
> /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=password)
> {
> "outcome" => "failed",
> "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (password) can not been undefined as the resource does not define any alternative to this attribute."},
> "rolled-back" => true
> }
> {code}
[JBoss JIRA] (SECURITY-811) NullPointerException in DeploymentRoleToRolesMappingProvider
by Stefan Guilhen (JIRA)
[ https://issues.jboss.org/browse/SECURITY-811?page=com.atlassian.jira.plug... ]
Stefan Guilhen resolved SECURITY-811.
-------------------------------------
Fix Version/s: PicketBox_5_0_0.Beta1
Resolution: Done
> NullPointerException in DeploymentRoleToRolesMappingProvider
> ------------------------------------------------------------
>
> Key: SECURITY-811
> URL: https://issues.jboss.org/browse/SECURITY-811
> Project: PicketBox
> Issue Type: Bug
> Components: JBossSX
> Affects Versions: JBossSecurity_2.0.8.Final
> Reporter: Chao Wang
> Assignee: Peter Skopek
> Priority: Minor
> Fix For: PicketBox_5_0_0.Beta1
>
> Attachments: SECURITY-811-picketbox.patch, SECURITY-811.patch
>
>
> {code:title=DeploymentRoleToRolesMappingProvider.java|borderStyle=solid}
> RoleGroup assignedRoles = (SimpleRoleGroup)contextMap.get(SecurityConstants.ROLES_IDENTIFIER);
> for (Role r: assignedRoles.getRoles()) {
> {code}
> A null value of assignedRoles causes a NullPointerException on the server if the user has not input a username / password yet
[JBoss JIRA] (SECURITY-913) NPE if use LdapExtLoginModule in j2se
by Stefan Guilhen (JIRA)
[ https://issues.jboss.org/browse/SECURITY-913?page=com.atlassian.jira.plug... ]
Stefan Guilhen resolved SECURITY-913.
-------------------------------------
Fix Version/s: PicketBox_5_0_0.Beta1
(was: PicketBox_5_0_0.Alpha1)
Resolution: Done
> NPE if use LdapExtLoginModule in j2se
> -------------------------------------
>
> Key: SECURITY-913
> URL: https://issues.jboss.org/browse/SECURITY-913
> Project: PicketBox
> Issue Type: Enhancement
> Components: JBossSX
> Affects Versions: PicketBox_5_0_0.Alpha1
> Reporter: Kylin Soong
> Assignee: Kylin Soong
> Fix For: PicketBox_5_0_0.Beta1
>
> Attachments: picketbox-j2se.zip
>
>
> Use LdapExtLoginModule in j2se with config:
> {code}
> <?xml version='1.0'?>
>
> <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>         xsi:schemaLocation="urn:jboss:security-config:5.0"
>         xmlns="urn:jboss:security-config:5.0"
>         xmlns:jbxb="urn:jboss:security-config:5.0">
>
>     <application-policy name = "Sample-Ldap">
>         <authentication>
>             <login-module code = "org.jboss.security.auth.spi.LdapExtLoginModule" flag = "required">
>                 <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
>                 <module-option name="java.naming.provider.url">ldap://10.66.218.46:389</module-option>
>                 <module-option name="java.naming.security.authentication">simple</module-option>
>                 <module-option name="bindDN">cn=Manager,dc=example,dc=com</module-option>
>                 <module-option name="bindCredential">redhat</module-option>
>                 <module-option name="baseCtxDN">ou=Customers,dc=example,dc=com</module-option>
>                 <module-option name="baseFilter">(uid={0})</module-option>
>                 <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
>                 <module-option name="roleFilter">(uniqueMember={1})</module-option>
>                 <module-option name="roleAttributeID">cn</module-option>
>             </login-module>
>         </authentication>
>     </application-policy>
>
> </policy>
> {code}
> authentication parse section code [1] line 123:
> {code}
> AuthenticationInfo authInfo = new AuthenticationInfo();
> {code}
> This causes null to be set as the AuthenticationInfo name, which then causes 'jboss.security.security_domain=null' to be passed as an option to LdapExtLoginModule; this null value finally causes an NPE in LdapExtLoginModule at around line 840
> {code}
> Entry entry = (Entry) iter.next();
> env.put(entry.getKey(), entry.getValue());
> {code}
> [1] https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbos...
> [2] https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbos...