February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Ondrej Lukas updated ELY-970: ----------------------------- Affects Version/s: 1.1.0.Beta25 > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Affects Versions: 1.1.0.Beta25 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Ondrej Lukas updated ELY-970: ----------------------------- Description: In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: # searching for username # searching for roles (i.e. searching for attributes) # validating password for username It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. was: In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: # searching for username # searching for roles (i.e. searching for attributes) # validating password for username It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. This is the same issue as JBEAP-7339 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Ondrej Lukas updated ELY-970: ----------------------------- Component/s: Realms > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Ondrej Lukas (JIRA)

Ondrej Lukas created ELY-970: -------------------------------- Summary: Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used Key: ELY-970 URL: https://issues.jboss.org/browse/ELY-970 Project: WildFly Elytron Issue Type: Bug Reporter: Ondrej Lukas Assignee: Darran Lofthouse Priority: Critical In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: # searching for username # searching for roles (i.e. searching for attributes) # validating password for username It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. This is the same issue as JBEAP-7339 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (HAWKULARQE-42) Treat EAP immutable if running in Container

by Hayk Hovsepyan (JIRA)

[ https://issues.jboss.org/browse/HAWKULARQE-42?page=com.atlassian.jira.plu... ] Hayk Hovsepyan deleted HAWKULARQE-42: ------------------------------------- > Treat EAP immutable if running in Container > ------------------------------------------- > > Key: HAWKULARQE-42 > URL: https://issues.jboss.org/browse/HAWKULARQE-42 > Project: Hawkular QE > Issue Type: Task > Reporter: Hayk Hovsepyan > > See https://issues.jboss.org/browse/HAWKULAR-1183 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8164) Review hard coded of jboss-ejb-policy in EJBComponentDescription.SecurityDomainDependencyConfigurator#configure

by Michal Jurc (JIRA)

Michal Jurc created WFLY-8164: --------------------------------- Summary: Review hard coded of jboss-ejb-policy in EJBComponentDescription.SecurityDomainDependencyConfigurator#configure Key: WFLY-8164 URL: https://issues.jboss.org/browse/WFLY-8164 Project: WildFly Issue Type: Bug Components: Security Reporter: Michal Jurc Assignee: Stuart Douglas This dep is hard coded because it was required by picketbox, however now that elytron is in we should not be creating picketbox dependencies by default. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-969) Add a KeyStore implementation that can use the key store password for retrieving entries.

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-969?page=com.atlassian.jira.plugin.sy... ] Martin Choma commented on ELY-969: ---------------------------------- Does that mean another resource will be created or is this issue talking about changing existing keystore resource. To be honest it does not look to me much practical. If for achieving "default key password" another resource have to be registered. And if this will be only additional feature of this new resource. > Add a KeyStore implementation that can use the key store password for retrieving entries. > ----------------------------------------------------------------------------------------- > > Key: ELY-969 > URL: https://issues.jboss.org/browse/ELY-969 > Project: WildFly Elytron > Issue Type: Feature Request > Components: KeyStores > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta28 > > > A KeyManager which uses a KeyStore is defined independently of the KeyStore - it is the KeyManager that has the password for the entry in the KeyStore whilst the KeyStore has the password for the overall store. > In many cases the password used for the overall store is the same password as used for the entries. > We should provide a KeyStore implementation that can substitute the password received. > We may even be able to go one step further and add a password resolver which could mean a CredentialStore is used to obtain the password for different entries, -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8160) Webservice response File Descriptor leak

by Mahesh Reddy (JIRA)

[ https://issues.jboss.org/browse/WFLY-8160?page=com.atlassian.jira.plugin.... ] Mahesh Reddy updated WFLY-8160: ------------------------------- Attachment: BioMatcherWebserviceImpl.java > Webservice response File Descriptor leak > ---------------------------------------- > > Key: WFLY-8160 > URL: https://issues.jboss.org/browse/WFLY-8160 > Project: WildFly > Issue Type: Bug > Components: Web Services > Affects Versions: 9.0.0.Final, 9.0.2.Final, 10.1.0.Final > Environment: JDK: jdk1.8.0_121, jdk1.8.0_66 > WilfFly : wildfly-10.1.0.Final, wildfly-9.0.2.Final , wildfly-9.0.0.Final > OS: Red Hat Enterprise Linux Server release 7.1 (Maipo) > Hardware: 64 bit 4 core > Reporter: Mahesh Reddy > Assignee: Alessio Soldano > Priority: Blocker > Attachments: BioMatcherWebserviceImpl.java, BioMatcherWebserviceImpl.java, SOAP_REQUEST.txt, SOAP_RESPONSE.txt > > > We are getting File descriptor leak when wildfly responds to webservice call. > I think this happens if the webresvice response is huge complex structure, > I confirmed by adding the sleep just before the returning from the webservice method and checking lsof -p <pid>, And again checking it after client receives the response,. > I notice for each webservice call, 2 file descriptors are open and never closed. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8064) Dependecy Injection not working

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-8064?page=com.atlassian.jira.plugin.... ] Stuart Douglas reassigned WFLY-8064: ------------------------------------ Assignee: Alessio Soldano (was: Stuart Douglas) > Dependecy Injection not working > ------------------------------- > > Key: WFLY-8064 > URL: https://issues.jboss.org/browse/WFLY-8064 > Project: WildFly > Issue Type: Release > Components: CDI / Weld > Affects Versions: 10.0.0.Final > Environment: Windows 2012 R2 > Reporter: Pradeep Ganapathy > Assignee: Alessio Soldano > > All injected parameters after post construct are null. Jboss cant able to detect inject paramaters. Both dao and testDescription parameters are null. As a result null pointer exception > RestEasy versions(All) ----> 3.0.14.Final. > ApplicationScoped > public class TestImpl implements ITest > { > > @Inject > private ITestDAO dao; > public TestImpl setTestDAO(ITestDAO dao) > { > this.dao = dao; > return this; > } > @Inject > private TestDescription testDescription; > public TestImpl setTestDescription(TestDescription testDescription) > { > this.testDescription = testDescription; > return this; > } > } > Error Logs: > 2017-02-09 13:11:22,256 ERROR [io.undertow.request] (default task-128) UT005023: Exception handling request to( My EndPoint): org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException > Caused by: java.lang.NullPointerException > at ServiceRegistryImpl.lookup(ServiceRegistryImpl.java:142) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) > at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) > at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) > at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) > at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395) > ... 35 more -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8064) Dependecy Injection not working

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-8064?page=com.atlassian.jira.plugin.... ] Stuart Douglas updated WFLY-8064: --------------------------------- Component/s: REST > Dependecy Injection not working > ------------------------------- > > Key: WFLY-8064 > URL: https://issues.jboss.org/browse/WFLY-8064 > Project: WildFly > Issue Type: Release > Components: CDI / Weld, REST > Affects Versions: 10.0.0.Final > Environment: Windows 2012 R2 > Reporter: Pradeep Ganapathy > Assignee: Alessio Soldano > > All injected parameters after post construct are null. Jboss cant able to detect inject paramaters. Both dao and testDescription parameters are null. As a result null pointer exception > RestEasy versions(All) ----> 3.0.14.Final. > ApplicationScoped > public class TestImpl implements ITest > { > > @Inject > private ITestDAO dao; > public TestImpl setTestDAO(ITestDAO dao) > { > this.dao = dao; > return this; > } > @Inject > private TestDescription testDescription; > public TestImpl setTestDescription(TestDescription testDescription) > { > this.testDescription = testDescription; > return this; > } > } > Error Logs: > 2017-02-09 13:11:22,256 ERROR [io.undertow.request] (default task-128) UT005023: Exception handling request to( My EndPoint): org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException > Caused by: java.lang.NullPointerException > at ServiceRegistryImpl.lookup(ServiceRegistryImpl.java:142) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) > at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) > at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) > at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) > at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395) > ... 35 more -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017