February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (HAWKULARQE-29) hawkular-qe-automation

by Matt Mahoney (JIRA)

Matt Mahoney created HAWKULARQE-29: -------------------------------------- Summary: hawkular-qe-automation Key: HAWKULARQE-29 URL: https://issues.jboss.org/browse/HAWKULARQE-29 Project: Hawkular QE Issue Type: Sub-task Reporter: Matt Mahoney Assignee: mfoley user -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (HAWKULARQE-28) hawkular-qe-manual

by Matt Mahoney (JIRA)

Matt Mahoney created HAWKULARQE-28: -------------------------------------- Summary: hawkular-qe-manual Key: HAWKULARQE-28 URL: https://issues.jboss.org/browse/HAWKULARQE-28 Project: Hawkular QE Issue Type: Sub-task Reporter: Matt Mahoney Assignee: mfoley user -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (HAWKULARQE-15) [QE] - JMAN4-163 - Track EAP servers connecting to the middleware manager

by Matt Mahoney (JIRA)

[ https://issues.jboss.org/browse/HAWKULARQE-15?page=com.atlassian.jira.plu... ] Matt Mahoney updated HAWKULARQE-15: ----------------------------------- Priority: Major (was: Minor) > [QE] - JMAN4-163 - Track EAP servers connecting to the middleware manager > -------------------------------------------------------------------------- > > Key: HAWKULARQE-15 > URL: https://issues.jboss.org/browse/HAWKULARQE-15 > Project: Hawkular QE > Issue Type: Task > Reporter: Hayk Hovsepyan > Assignee: Matt Mahoney > Labels: mm-integration-hawkular-qe > > See [JMAN4-163|https://issues.jboss.org/browse/JMAN4-163] -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8025) Alternatives attribute "domain" doesn't exist in modcluster subsystem

by Claudio Miranda (JIRA)

Claudio Miranda created WFLY-8025: ------------------------------------- Summary: Alternatives attribute "domain" doesn't exist in modcluster subsystem Key: WFLY-8025 URL: https://issues.jboss.org/browse/WFLY-8025 Project: WildFly Issue Type: Bug Components: mod_cluster Reporter: Claudio Miranda Assignee: Radoslav Husar modcluster resource contains the following attribute definition for "load-balancing-group" {code} "load-balancing-group" => { "type" => STRING, "description" => "loadBalancingGroup name.", "expressions-allowed" => true, "required" => false, "nillable" => true, "alternatives" => ["domain"], "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "all-services" }, {code} But the alternatives constraint specifies a "domain" attribute that doesn't exist. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8024) Upgrade Weld to 2.4.2.Final

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/WFLY-8024?page=com.atlassian.jira.plugin.... ] Martin Kouba commented on WFLY-8024: ------------------------------------ We found a problem which only occurs if a {{SecurityManager}} is present. See also WELD-2328. We're going to release 2.4.2.SP1 and then send a new PR. > Upgrade Weld to 2.4.2.Final > --------------------------- > > Key: WFLY-8024 > URL: https://issues.jboss.org/browse/WFLY-8024 > Project: WildFly > Issue Type: Component Upgrade > Components: CDI / Weld > Reporter: Martin Kouba > Assignee: Martin Kouba > Fix For: 11.0.0.Alpha1 > > > See also http://weld.cdi-spec.org/news/2017/02/02/weld-242Final/. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8024) Upgrade Weld to 2.4.2.SP1

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/WFLY-8024?page=com.atlassian.jira.plugin.... ] Martin Kouba updated WFLY-8024: ------------------------------- Summary: Upgrade Weld to 2.4.2.SP1 (was: Upgrade Weld to 2.4.2.Final) > Upgrade Weld to 2.4.2.SP1 > ------------------------- > > Key: WFLY-8024 > URL: https://issues.jboss.org/browse/WFLY-8024 > Project: WildFly > Issue Type: Component Upgrade > Components: CDI / Weld > Reporter: Martin Kouba > Assignee: Martin Kouba > Fix For: 11.0.0.Alpha1 > > > See also http://weld.cdi-spec.org/news/2017/02/02/weld-242Final/. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-904) Logout notification support for HTTP-based authentication mechanisms

by Pedro Igor (JIRA)

[ https://issues.jboss.org/browse/ELY-904?page=com.atlassian.jira.plugin.sy... ] Pedro Igor updated ELY-904: --------------------------- Git Pull Request: https://github.com/wildfly-security/wildfly-elytron/pull/652, https://github.com/wildfly-security/elytron-web/pull/66 (was: https://github.com/wildfly-security/elytron-web/pull/66) > Logout notification support for HTTP-based authentication mechanisms > -------------------------------------------------------------------- > > Key: ELY-904 > URL: https://issues.jboss.org/browse/ELY-904 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Affects Versions: 1.1.0.Beta21 > Reporter: Pedro Igor > Assignee: Pedro Igor > > I think it makes sense to also allow HTTP mechanisms to handle logouts. Logout is tightly related with authentication and mechanisms should be able to act properly during logout requests. > Although only a few set of mechanisms support logout, I think adding a default method {{org.wildfly.security.http.HttpServerAuthenticationMechanism#logout}} will make our API even more complete and capable of supporting more use cases. > The main use case for this enhancement is programmatic logout. In this case, logout can be triggered from inside an application which in turn delegates the logout logic to the mechanism that authenticated an user. > Considering Elytron Web, this enhancement would make integration with other containers even more simple and avoid dealing with specific logout mechanisms (e.g.: notifications) provided by these same containers. This is specially true for servlet containers. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-919) Coverity: default platform encoding used in DefaultSingleSignOnSessionFactory

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-919?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev moved WFLY-7953 to ELY-919: ----------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-919 (was: WFLY-7953) Component/s: HTTP (was: Security) Affects Version/s: 1.1.0.Beta21 (was: 11.0.0.Alpha1) > Coverity: default platform encoding used in DefaultSingleSignOnSessionFactory > ----------------------------------------------------------------------------- > > Key: ELY-919 > URL: https://issues.jboss.org/browse/ELY-919 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.1.0.Beta21 > Reporter: Martin Choma > Assignee: Ilia Vassilev > Priority: Critical > > Coverity static-analysis scan found a String to byte conversion (4xoccurences of {{getBytes()}}) with default platform encoding in the DefaultSingleSignOnSessionFactory method. > Following code > {code:java|title=DefaultSingleSignOnSessionFactory.java} > @Override > public String createLogoutParameter(String sessionId) { > try { > Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM); > signature.initSign(this.privateKey); > Base64.Encoder urlEncoder = Base64.getUrlEncoder(); > return sessionId + "." + ByteIterator.ofBytes(urlEncoder.encode(ByteIterator.ofBytes(sessionId.getBytes()).sign(signature).drain())).asUtf8String().drainToString(); > } catch (NoSuchAlgorithmException | InvalidKeyException e) { > throw new IllegalStateException(e); > } > } > > @Override > public String verifyLogoutParameter(String parameter) { > String[] parts = parameter.split("\\."); > if (parts.length != 2) { > throw new IllegalArgumentException(parameter); > } > try { > String localSessionId = ByteIterator.ofBytes(parts[0].getBytes()).asUtf8String().drainToString(); > Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM); > signature.initVerify(this.certificate); > signature.update(localSessionId.getBytes()); > Base64.Decoder urlDecoder = Base64.getUrlDecoder(); > if (!ByteIterator.ofBytes(urlDecoder.decode(parts[1].getBytes())).verify(signature)) { > throw log.httpMechSsoInvalidLogoutMessage(localSessionId); > } > return localSessionId; > } catch (NoSuchAlgorithmException | InvalidKeyException e) { > throw new IllegalStateException(e); > } catch (SignatureException e) { > throw new IllegalArgumentException(parameter, e); > } > } > {code} > The encoding should be specified as argument. > Setting with high priority, because once default platform encoding UTF-16 will be set, funcionality do not need to work as intended. Especially when combined with {{asUtf8String()}}, which implies specifying default encoding UTF-8. > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=86758... > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=86758... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-918) Allow HTTP mechanisms to decide if response should be sent when authentication is in progress

by Pedro Igor (JIRA)

Pedro Igor created ELY-918: ------------------------------ Summary: Allow HTTP mechanisms to decide if response should be sent when authentication is in progress Key: ELY-918 URL: https://issues.jboss.org/browse/ELY-918 Project: WildFly Elytron Issue Type: Enhancement Components: HTTP Affects Versions: 1.1.0.Beta21 Reporter: Pedro Igor Assignee: Pedro Igor Currently, mechanisms are not allowed to decide if a challenge should be sent or not when processing a request to path where authentication is not required. Currently, we always write to the response regardless if authentication if required or not, making impossible to mechanisms decide what you do in cases where a request is a for a non-protected resource and an authentication challenge should not be sent. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2263) Upgrade WildFly Elytron to 1.1.0.Beta22

by Darran Lofthouse (JIRA)

Darran Lofthouse created WFCORE-2263: ---------------------------------------- Summary: Upgrade WildFly Elytron to 1.1.0.Beta22 Key: WFCORE-2263 URL: https://issues.jboss.org/browse/WFCORE-2263 Project: WildFly Core Issue Type: Component Upgrade Components: Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.Alpha23 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017