March 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2245) credential-reference capability-reference constraint

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2245?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2245: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > credential-reference capability-reference constraint > ---------------------------------------------------- > > Key: WFCORE-2245 > URL: https://issues.jboss.org/browse/WFCORE-2245 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Claudio Miranda > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta9 > > > There attribute credential-reference is defined in many subsystems as below. Looks like the capability-reference constraint should be set in the "store" field of the value-type, therefore I request a review on this capability-constraint placement. > {code} > "credential-reference" => { > "type" => OBJECT, > "description" => "Credential (from Credential Store) to authenticate on data source", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "capability-reference" => "org.wildfly.security.credential-store", > "access-constraints" => {"sensitive" => { > "credential" => {"type" => "core"}, > "data-source-security" => {"type" => "datasources"} > }}, > "value-type" => { > "store" => { > "type" => STRING, > "description" => "The name of the credential store holding the alias to credential", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "min-length" => 1L, > "max-length" => 2147483647L > }, > "alias" => { > "type" => STRING, > "description" => "The alias which denotes stored secret or credential in the store", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "min-length" => 1L, > "max-length" => 2147483647L > }, > "type" => { > "type" => STRING, > "description" => "The type of credential this reference is denoting", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "min-length" => 1L, > "max-length" => 2147483647L > }, > "clear-text" => { > "type" => STRING, > "description" => "Secret specified using clear text (check credential store way of supplying credential/secrets to services)", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "min-length" => 1L, > "max-length" => 2147483647L > } > }, > "access-type" => "read-write", > "storage" => "configuration", > "restart-required" => "all-services" > }, > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2163) Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2163?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2163: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface > --------------------------------------------------------------------------------------------------- > > Key: WFCORE-2163 > URL: https://issues.jboss.org/browse/WFCORE-2163 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Beta9 > > > In case when legacy security-realm for SSL is used together with Elytron authentication in HTTP management interface then server is not started. > I am using following configuration for HTTP management interface (see Steps to Reproduce for more details): > {code} > <http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS"> > <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/> > <socket-binding http="management-http" https="management-https"/> > </http-interface> > {code} > Server is not started and following errors occur in log: > {code} > ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided. > at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225) > at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254) > at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107) > at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589) > at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292) > ... 5 more > {code} > and > {code} > ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "http-interface") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > } > ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "http-interface") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > } > {code} > According to comments in EAP7-545 Analysis document [1], when security-realm and http-authentication-factory are specified but no ssl-context is used then it should lead to use legacy security-realm for SSL configuration and http-authentication-factory for authentication. > [1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2136) Using management CLI with client configuration still prompts for username/password

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2136?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2136: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Using management CLI with client configuration still prompts for username/password > ---------------------------------------------------------------------------------- > > Key: WFCORE-2136 > URL: https://issues.jboss.org/browse/WFCORE-2136 > Project: WildFly Core > Issue Type: Bug > Components: CLI, Security > Reporter: Zach Rhoads > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta9 > > > When configuring the wildfly management cli to use an elytron client config file, server still prompts for username password. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2101) Ensure the default configurations used by clients will be compatible with stronger authentication mechanisms

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2101?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2101: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Ensure the default configurations used by clients will be compatible with stronger authentication mechanisms > ------------------------------------------------------------------------------------------------------------ > > Key: WFCORE-2101 > URL: https://issues.jboss.org/browse/WFCORE-2101 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta9 > > > i.e. a later AS release will start to enable mechs like SCRAM, client should work without additional configuration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2521) TLS between domain and host controllers does not work

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2521?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2521: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > TLS between domain and host controllers does not work > ----------------------------------------------------- > > Key: WFCORE-2521 > URL: https://issues.jboss.org/browse/WFCORE-2521 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Labels: domain-management, domain-mode, eap71_alpha, regression, ssl > Fix For: 3.0.0.Beta9 > > > This is regression against EAP 7.0 . Customers relying on this feature won't be able to migrate to EAP 7.1. > Working configuration of TLS between domain and host controller from EAP 7.0 (legacy) does not work on EAP 7.1 anymore. > In server log there is this error: > {code:title=server.log} > [Host Controller] Caused by: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL > [Host Controller] at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:527) > [Host Controller] at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:477) > [Host Controller] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > [Host Controller] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > [Host Controller] at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > [Host Controller] at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) > [Host Controller] at ...asynchronous invocation...(Unknown Source) > [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466) > [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:437) > [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:430) > [Host Controller] at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:163) > [Host Controller] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:119) > [Host Controller] ... 9 more > {code} > See attached server.log for context log. > Tests in wildfly-core covering this scenario are currently ignored: > * SSLMasterSlaveOneWayTestCase is ignored by WFCORE-1978 > * SSLMasterSlaveTwoWayTestCase is ignored by WFCORE-2068 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2497) Convert *-authentication-factory resources to be child resources of security-domain

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2497?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2497: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Convert *-authentication-factory resources to be child resources of security-domain > ----------------------------------------------------------------------------------- > > Key: WFCORE-2497 > URL: https://issues.jboss.org/browse/WFCORE-2497 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta9 > > > This is a good example of where child resources work. > The authentication factory resources have a mandatory dependency on a single security domain. > The configuration within the factory is related to it's security domain. > There is only a single resource that can provide security domains. > The behaviour of the parent is unaffected by the existence or configuration of the child. > The parent and child manage their own services independently with the child's service depending on the parent's service. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2378) Regression against 7.0.GA, Kerberos over CLI

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2378?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2378: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Regression against 7.0.GA, Kerberos over CLI > -------------------------------------------- > > Key: WFCORE-2378 > URL: https://issues.jboss.org/browse/WFCORE-2378 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Labels: regression > Fix For: 3.0.0.Beta9 > > > It is not possible to authenticate to CLI using kerberos. > Same configuration works well against 7.0.0.GA > {code:titl=server.log on TRACE level} > 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) configuredMaxReceiveBuffer=16777215 > 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) relaxComplianceChecks=false > 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) QOP={AUTH} > 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) Our name 'remote(a)localhost.localdomain' > 17:32:21,113 INFO [stdout] (management I/O-2) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb5-945898887586223869.conf > 17:32:21,113 INFO [stdout] (management I/O-2) Loaded from Java config > 17:32:21,114 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Unable to create SaslServer: javax.security.sasl.SaslException: ELY05029: [GSSAPI] Unable to create GSSContext [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)] > at org.wildfly.security.sasl.gssapi.GssapiServer.<init>(GssapiServer.java:77) > at org.wildfly.security.sasl.gssapi.GssapiServerFactory.createSaslServer(GssapiServerFactory.java:44) > at org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory.createSaslServer(SecurityProviderSaslServerFactory.java:77) > at org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory.createSaslServer(FilterMechanismSaslServerFactory.java:88) > at org.wildfly.security.sasl.util.PropertiesSaslServerFactory.createSaslServer(PropertiesSaslServerFactory.java:56) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:79) > at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51) > at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72) > at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48) > at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:51) > at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:59) > at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:50) > at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54) > at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:259) > at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:125) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) > Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) > at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87) > at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127) > at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) > at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) > at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) > at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) > at org.wildfly.security.sasl.gssapi.GssapiServer.<init>(GssapiServer.java:72) > ... 24 more > 17:32:21,115 TRACE [org.jboss.remoting.remote] (management I/O-2) Rejected invalid SASL mechanism GSSAPI > 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 5 bytes > 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel > 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header > 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers > 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 59 bytes > 17:32:21,116 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192] > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192] > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1 > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "cli-client" > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.0.Beta17-redhat-1" > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40" > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40" > 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service > 17:32:21,116 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 77 bytes > 17:32:21,116 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel > 17:32:21,118 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header > 17:32:21,118 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers > 17:32:21,118 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received EOF > 17:32:21,118 TRACE [org.jboss.remoting.remote] (management I/O-2) Received connection end-of-stream > 17:32:21,441 INFO [org.jboss.eapqe.krbldap.eap7.utils.CustomCLIExecutor] (main) CLI executor output: > 17:32:21,441 INFO [org.jboss.eapqe.krbldap.eap7.utils.CustomCLIExecutor] (main) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb5-945898887586223869.conf > Loaded from Java config > >>>KinitOptions cache name is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb5cc > >>>DEBUG <CCacheInputStream> client principal is hnelson7259cb36-69b2-4e28-afb5-f668120a8dea(a)JBOSS.ORG > >>>DEBUG <CCacheInputStream> server principal is krbtgt/JBOSS.ORG(a)JBOSS.ORG > >>>DEBUG <CCacheInputStream> key type: 17 > >>>DEBUG <CCacheInputStream> auth time: Thu Feb 23 17:32:11 CET 2017 > >>>DEBUG <CCacheInputStream> start time: Thu Feb 23 17:32:11 CET 2017 > >>>DEBUG <CCacheInputStream> end time: Fri Feb 24 01:32:11 CET 2017 > >>>DEBUG <CCacheInputStream> renew_till time: null > >>> CCacheInputStream: readFlags() INITIAL; PRE_AUTH; > Found ticket for hnelson7259cb36-69b2-4e28-afb5-f668120a8dea(a)JBOSS.ORG to go to krbtgt/JBOSS.ORG(a)JBOSS.ORG expiring on Fri Feb 24 01:32:11 CET 2017 > Entered Krb5Context.initSecContext with state=STATE_NEW > Service ticket not found in the subject > >>> Credentials acquireServiceCreds: same realm > default etypes for default_tgs_enctypes: 17. > >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType > >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType > >>> KdcAccessibility: reset > >>> KrbKdcReq send: kdc=localhost.localdomain UDP:6088, timeout=5000, number of retries =3, #bytes=648 > >>> KDCCommunication: kdc=localhost.localdomain UDP:6088, timeout=5000,Attempt =1, #bytes=648 > >>> KrbKdcReq send: #bytes read=634 > >>> KdcAccessibility: remove localhost.localdomain:6088 > >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType > >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 > >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType > Krb5Context setting mySeqNumber to: 951540638 > Krb5Context setting peerSeqNumber to: 0 > Created InitSecContextToken: > 0000: 01 00 6E 82 02 2C 30 82 02 28 A0 03 02 01 05 A1 ..n..,0..(...... > 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ > 0020: 2C 61 82 01 28 30 82 01 24 A0 03 02 01 05 A1 0B ,a..(0..$....... > 0030: 1B 09 4A 42 4F 53 53 2E 4F 52 47 A2 2A 30 28 A0 ..JBOSS.ORG.*0(. > 0040: 03 02 01 00 A1 21 30 1F 1B 06 72 65 6D 6F 74 65 .....!0...remote > 0050: 1B 15 6C 6F 63 61 6C 68 6F 73 74 2E 6C 6F 63 61 ..localhost.loca > 0060: 6C 64 6F 6D 61 69 6E A3 81 E3 30 81 E0 A0 03 02 ldomain...0..... > 0070: 01 11 A2 81 D8 04 81 D5 AF 46 53 89 B1 22 66 A6 .........FS.."f. > 0080: C7 3C 9B 50 EB 36 7C D7 95 45 C9 46 BE A7 17 43 .<.P.6...E.F...C > 0090: CD 9E DB B1 34 F7 1E 89 A4 D8 7B 2D 37 F9 4D DE ....4......-7.M. > 00A0: 8C B6 9D 07 83 2B 3E BF 80 34 34 CB 52 B9 01 95 .....+>..44.R... > 00B0: AF 07 D1 8A 15 F8 7D 29 56 03 63 36 13 44 17 0B .......)V.c6.D.. > 00C0: C9 31 CD 6F 41 35 5D B2 5A 5F 25 27 20 8D DE 9A .1.oA5].Z_%' ... > 00D0: 1B A9 26 A9 22 E2 81 4C 18 BB F9 15 27 A4 75 68 ..&."..L....'.uh > 00E0: AF FE F4 2D 84 6D 44 24 73 C8 18 C0 3E 85 3E 0C ...-.mD$s...>.>. > 00F0: 6E 2C 89 FA 54 0B F6 E4 D3 C9 DA A3 61 14 5F 97 n,..T.......a._. > 0100: 1D FE 6A 70 D7 C7 9C D2 91 D7 D0 B0 88 20 A1 C8 ..jp......... .. > 0110: 53 42 DD 6B DB 3C 39 DC 2C DF 8A 52 C9 8B E4 0B SB.k.<9.,..R.... > 0120: AD 05 B8 81 08 0E D2 4E 83 F9 23 C8 DC F1 9A 42 .......N..#....B > 0130: BD 44 A4 DB CB E6 64 9B 9D 53 FA F3 4E 77 99 5F .D....d..S..Nw._ > 0140: AE 0C B3 52 11 B5 6E 65 FB 2C 6E D9 49 A4 81 E2 ...R..ne.,n.I... > 0150: 30 81 DF A0 03 02 01 11 A2 81 D7 04 81 D4 13 3B 0..............; > 0160: BB 37 F0 B9 F9 C3 60 E0 80 DA A2 8D 0C E9 8A 34 .7....`........4 > 0170: DA E1 55 CB 4F 09 EB 36 3A F4 68 D3 90 D9 0F CD ..U.O..6:.h..... > 0180: 0F BA 50 1C A9 5C 70 84 1B CD 43 12 33 41 8A CA ..P..\p...C.3A.. > 0190: 46 B0 21 4B 10 D7 22 5C EC D0 79 C1 0D 5E 1C 58 F.!K.."\..y..^.X > 01A0: 64 7C 75 43 77 96 82 1F 3A AD A2 C1 C4 9B 96 5B d.uCw...:......[ > 01B0: 0D 1B DC 60 BD 76 91 69 53 DE 2F 34 CF 9E 0B EE ...`.v.iS./4.... > 01C0: 8D D9 98 E0 37 AB 8D 2F 0D 61 B5 8C 10 43 20 2B ....7../.a...C + > 01D0: 6D 36 E1 0F 5B 23 22 8A 76 1B 55 0C 2E A1 8C D7 m6..[#".v.U..... > 01E0: 8C 6F D2 07 2B 26 3B BF 54 74 9B 76 4A 78 2B E8 .o..+&;.Tt.vJx+. > 01F0: 70 E3 81 08 E9 8B A3 F1 69 A3 E2 BE 1D 5B 8F 3A p.......i....[.: > 0200: 0F 34 3D 2D 01 69 C4 FC 67 FB 13 4B F3 D9 BE 94 .4=-.i..g..K.... > 0210: 9D 24 75 92 32 13 4B 8B 18 D0 FF 3B F9 51 19 90 .$u.2.K....;.Q.. > 0220: 44 63 61 BF A0 91 9E 76 9D 42 AA 3D B3 46 64 0A Dca....v.B.=.Fd. > 0230: 0D 19 .. > Failed to connect to the controller: Unable to authenticate against controller at localhost.localdomain:9990: Authentication failed: all available authentication mechanisms failed: > GSSAPI: Server rejected authentication > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2349) Add RemoteManagementPermission and RemoteJMXPermission checks for remote clients.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2349?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2349: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Add RemoteManagementPermission and RemoteJMXPermission checks for remote clients. > --------------------------------------------------------------------------------- > > Key: WFCORE-2349 > URL: https://issues.jboss.org/browse/WFCORE-2349 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta9 > > > Other services such as EJB and transactions have a Remote*Permission to verify the remote client has the required permission to use that service - this should be repeated for the management related services to control what a remote client can and can not connect to. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2317) Nested attributes are not validated

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2317?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2317: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > Nested attributes are not validated > ----------------------------------- > > Key: WFCORE-2317 > URL: https://issues.jboss.org/browse/WFCORE-2317 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management > Affects Versions: 3.0.0.Alpha25 > Reporter: Michal Petrov > Assignee: Michal Petrov > Fix For: 3.0.0.Beta9 > > > Attributes of type Object do not have their inner attributes validated for e.g. "requires" and "alternatives". -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2350) In legacy security realms grant RemoteEJBPermission and RemoteTransactionPermission by default.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2350?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2350: ------------------------------- Fix Version/s: 3.0.0.Beta9 (was: 3.0.0.Beta8) > In legacy security realms grant RemoteEJBPermission and RemoteTransactionPermission by default. > ----------------------------------------------------------------------------------------------- > > Key: WFCORE-2350 > URL: https://issues.jboss.org/browse/WFCORE-2350 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta9 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2017