February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-835) SecurityIdentity Automatic Outflow

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-835?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-835: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > SecurityIdentity Automatic Outflow > ---------------------------------- > > Key: ELY-835 > URL: https://issues.jboss.org/browse/ELY-835 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta23 > > > We previously discussed that when runAs is called on a SecurityIdentity this should pro-actively outflow to predefined security domains (which it has in trusted-security-domains?) so it does not need to be manually inflowed at a later point. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-765) ServiceLoader Provider and SaslClientFactory discovery should be able to use system ClassLoader

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-765?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-765: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > ServiceLoader Provider and SaslClientFactory discovery should be able to use system ClassLoader > ----------------------------------------------------------------------------------------------- > > Key: ELY-765 > URL: https://issues.jboss.org/browse/ELY-765 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta23 > > > Clients may not be running using a JBoss Modules ClassLoader. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-770) Review SASL mechanism handling of isComplete()

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-770?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-770: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > Review SASL mechanism handling of isComplete() > ---------------------------------------------- > > Key: ELY-770 > URL: https://issues.jboss.org/browse/ELY-770 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta23 > > > The javadoc of the isComplete() method states: - > _Determines whether the authentication exchange has completed. This method is typically called after each invocation of evaluateResponse() to determine whether the authentication has completed successfully or should be continued._ > Also getAuthorizationID() states: - > _Reports the authorization ID in effect for the client of this session. This method can only be called if isComplete() returns true. > _ > Although the former is very vague there just seem to be a suggestion that complete means successfully complete, our mechs are setting complete very early and other wrappers such as AuthenticationCompleteCallbackSaslServerFactory are using complete as a flag to report failures. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-766) It should be possible for domains to be configured with a list of other domains to proactively outflow to.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-766?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-766: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > It should be possible for domains to be configured with a list of other domains to proactively outflow to. > ---------------------------------------------------------------------------------------------------------- > > Key: ELY-766 > URL: https://issues.jboss.org/browse/ELY-766 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta23 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-747) Is SSLContextAuthenticationConfiguration Still required now sslRules are separated.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-747?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-747: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > Is SSLContextAuthenticationConfiguration Still required now sslRules are separated. > ----------------------------------------------------------------------------------- > > Key: ELY-747 > URL: https://issues.jboss.org/browse/ELY-747 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: David Lloyd > Fix For: 1.1.0.Beta23 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-774) KeystorePasswordStore needs to be optionally passed a Supplier<Provider[]>

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-774?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-774: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > KeystorePasswordStore needs to be optionally passed a Supplier<Provider[]> > -------------------------------------------------------------------------- > > Key: ELY-774 > URL: https://issues.jboss.org/browse/ELY-774 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: Darran Lofthouse > Assignee: Peter Skopek > Fix For: 1.1.0.Beta23 > > > The current implementation assumes it is globally registered but we may want a configuration without global registration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-810) Unify CredentialStore around CredentialSource style storage capability

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-810?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-810: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > Unify CredentialStore around CredentialSource style storage capability > ---------------------------------------------------------------------- > > Key: ELY-810 > URL: https://issues.jboss.org/browse/ELY-810 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta23 > > > The following needs to be done: > * Move the PB masked password format to a proper password type > * Introduce protection parameters for credential stores and entries > * Drop the admin_key concept in favor of credential store protection parameters > * Introduce a proper vault-compatible credential store > * Introduce a mechanism to pull protection parameters for stores from the client configuration > * Use a credential store which can store (nearly) any credential type > * Update XML accordingly > * Remove dangerous command execution patterns from credential store, make them safe and make them CredentialSources instead > * Clean up exception hierarchy of credential stores > * Introduce simple map-backed credential store > Additionally, the above implies: > * Introduce AlgorithmParameterSpi for password parameter types > * Introduce hashing ability for parameters > * Add missing parameter types for PBE > * Introduce serialization trickery to support picketbox class names for vault files > * Atomic file output stream > * Update tests as needed -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-889) Add a filtering RoleMapper implementation.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-889?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-889: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > Add a filtering RoleMapper implementation. > ------------------------------------------ > > Key: ELY-889 > URL: https://issues.jboss.org/browse/ELY-889 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta23 > > > The RoleMapper APIs are built around querying one role at a time, however at times it may be desirable to obtain a set of roles an identity is a member of. > To avoid iterating every role which depending on the configuration could be thousands backed by a remote store we should have a FilteringRoleMapper implementation that will allow any checks and iteration of the roles to be restricted to a finite set of acceptable roles. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-917) Release WildFly Elytron 1.1.0.Beta22

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-917?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse resolved ELY-917. ---------------------------------- Resolution: Done > Release WildFly Elytron 1.1.0.Beta22 > ------------------------------------ > > Key: ELY-917 > URL: https://issues.jboss.org/browse/ELY-917 > Project: WildFly Elytron > Issue Type: Release > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta22 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-887) AuthenticationContext IPv6 Address Handling

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-887?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-887: --------------------------------- Fix Version/s: 1.1.0.Beta23 (was: 1.1.0.Beta22) > AuthenticationContext IPv6 Address Handling > ------------------------------------------- > > Key: ELY-887 > URL: https://issues.jboss.org/browse/ELY-887 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta23 > > > Within authentication client we need to ensure we are handling IPv6 addresses correctly. > Especially considering an equivalent IPv6 address can have more than one String representation. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 11 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017