[JBoss JIRA] (WFCORE-2497) Convert *-authentication-factory resources to be child resources of security-domain
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2497?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8182 to WFCORE-2497:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2497 (was: WFLY-8182)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Convert *-authentication-factory resources to be child resources of security-domain
> -----------------------------------------------------------------------------------
>
> Key: WFCORE-2497
> URL: https://issues.jboss.org/browse/WFCORE-2497
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> This is a good example of where child resources work.
> The authentication factory resources have a mandatory dependency on a single security domain.
> The configuration within the factory is related to its security domain.
> There is only a single resource that can provide security domains.
> The behaviour of the parent is unaffected by the existence or configuration of the child.
> The parent and child manage their own services independently with the child's service depending on the parent's service.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2496) Functionality in WildFly to encrypt database passwords
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2496?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7900 to WFCORE-2496:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2496 (was: WFLY-7900)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 10.1.0.Final)
> Functionality in WildFly to encrypt database passwords
> ------------------------------------------------------
>
> Key: WFCORE-2496
> URL: https://issues.jboss.org/browse/WFCORE-2496
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Carlton Zachary
> Assignee: Darran Lofthouse
>
> Is it possible to add functionality to WildFly to encrypt a data source password when the data source is being created? Currently WildFly/EAP stores the password as plain text in the domain.xml/standalone.xml.
> Thanks
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2495) Autocomplete doesn't work properly in credential-reference.alias attribute.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2495?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8023 to WFCORE-2495:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2495 (was: WFLY-8023)
Component/s: Security
(was: Security)
> Autocomplete doesn't work properly in credential-reference.alias attribute.
> ---------------------------------------------------------------------------
>
> Key: WFCORE-2495
> URL: https://issues.jboss.org/browse/WFCORE-2495
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> Autocomplete doesn't work properly in credential-reference.alias attribute.
> I want to use autocomplete for credential-reference.alias when the credential-reference.store attribute is filled, but it doesn't work.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=cs1:add(uri="cr-store://test/cs1.jceks", credential-reference={store=cs012, alias=<TAB>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2493) Confusing attribute named http-server-factories in Elytron aggregate-http-server-mechanism-factory
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2493?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7455 to WFCORE-2493:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2493 (was: WFLY-7455)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Confusing attribute named http-server-factories in Elytron aggregate-http-server-mechanism-factory
> --------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2493
> URL: https://issues.jboss.org/browse/WFCORE-2493
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Elytron {{aggregate-http-server-mechanism-factory}} includes an attribute named {{http-server-factories}} which refers to the {{org.wildfly.security.http-server-mechanism-factory}} capability. The name of this attribute should be changed from {{http-server-factories}} to {{http-server-mechanism-factories}} because:
> * it should be consistent with other Elytron resources which use the name {{http-server-mechanism-factory}}
> * it can be confusing since {{http-server-factories}} seems as if it may also refer to some {{org.wildfly.security.http-authentication-factory}}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2492) CS tool, missing parameters compared to management API
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2492?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8201 to WFCORE-2492:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2492 (was: WFLY-8201)
Component/s: Security
(was: Security)
> CS tool, missing parameters compared to management API
> ------------------------------------------------------
>
> Key: WFCORE-2492
> URL: https://issues.jboss.org/browse/WFCORE-2492
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: credential-store, wildfly-elytron-tool
>
> Compared to the management API I am missing these parameters:
> * {{entry-type}}
> * -{{providers}} + {{provider-name}}-
> ** -user can gain alternative behaviour by editing java.security file-
> * {{other-providers}}
> ** user can gain alternative behaviour by editing java.security file. But it has to be ensured these providers are injected to implementation through SPI
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2494) Auto-completion does not work for default-realm of Elytron security-domain in CLI
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2494?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7585 to WFCORE-2494:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2494 (was: WFLY-7585)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Auto-completion does not work for default-realm of Elytron security-domain in CLI
> ---------------------------------------------------------------------------------
>
> Key: WFCORE-2494
> URL: https://issues.jboss.org/browse/WFCORE-2494
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Minor
> Labels: user_experience
>
> Auto-completion does not work for default-realm of Elytron security-domain in CLI. All attributes of security-domain support auto-completion through {{<TAB>}} button. The only one which does not support it is default-realm. It is probably caused by missing capability-reference.
> Example:
> {code}
> /subsystem=elytron/security-domain=domain:add(default-realm=<TAB>
> {code}
> Does not show any security realms. However:
> {code}
> /subsystem=elytron/security-domain=domain:add(permission-mapper=<TAB>
> {code}
> Shows possible permission mappers.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2490) Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2490?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7623 to WFCORE-2490:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2490 (was: WFLY-7623)
Component/s: Security
(was: Security)
> Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
> ----------------------------------------------------------------------------------------------
>
> Key: WFCORE-2490
> URL: https://issues.jboss.org/browse/WFCORE-2490
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
> Priority: Blocker
>
> Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=credStore001:add(uri="cr-store://test/cs001.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=credStore001/alias="alias1":add(secret-value=Elytron)
> {code}
> {code}
> /subsystem=elytron/credential-store=credStore002:add(uri="cr-store://test/cs001.jceks?store.password=pass123")
> {code}
> check CS file
> there is "alias1" entry
> {code}
> /subsystem=elytron/credential-store=credStore001/alias="alias2":add(secret-value=Elytron)
> {code}
> check CS file
> there are "alias1" and "alias2" entries
> {code}
> /subsystem=elytron/credential-store=credStore002/alias="alias123":add(secret-value=Elytron)
> {code}
> check CS file
> there are "alias1" and "alias123" entries.
> *NOTE*
> It is a problem, because we have one backed file. In memory we have the right values for all Credential Stores, but after restart we can lose new entries.
> In my opinion the reason for this behaviour is:
> We have the CS loaded in memory and when we add a new alias to the CS then we save the whole CS from memory to file.
> We can set CS as non-modifiable when we use same backed file for CredentialStore but we must find better default behaviour.
> *My suggestion for default behaviour*
> When we want to add new alias to CredentialStore we can do this:
> # refresh CS from file (and this file lock)
> # add new alias to CS
> # save CS to file
> # unlock file
> *But there is a possible problem with performance....*
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
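The lost update reported in WFCORE-2490, next to the lock, refresh, add, save, unlock order suggested there, as an added Python sketch that is not WildFly or Elytron code. The `StoreHandle` class, the JSON file format and the `.lock` side file are assumptions made for illustration; it is POSIX only because it uses `fcntl`.

```python
import fcntl, json, os, tempfile

class StoreHandle:
    """One in-memory view of a file-backed alias store (hypothetical JSON stand-in;
    a real credential store encrypts its entries)."""
    def __init__(self, path):
        self.path = path
        self.entries = self._read()          # snapshot taken once, at load time

    def _read(self):
        try:
            with open(self.path) as f:
                return json.load(f)
        except FileNotFoundError:
            return {}

    def _write(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.entries, f)
        os.replace(tmp, self.path)           # atomic swap, never a half-written file

    def add_unsafe(self, alias, secret):
        # Behaviour reported in the issue: dump the (possibly stale) snapshot to file.
        self.entries[alias] = secret
        self._write()

    def add_locked(self, alias, secret):
        # Suggested order: lock, refresh from file, add alias, save, unlock.
        # The lock lives on a side file because os.replace swaps the data file's inode.
        with open(self.path + ".lock", "w") as lock:
            fcntl.flock(lock, fcntl.LOCK_EX)
            try:
                self.entries = self._read()
                self.entries[alias] = secret
                self._write()
            finally:
                fcntl.flock(lock, fcntl.LOCK_UN)

def replay(add_name):
    """Replay the issue's steps with two handles on one file; return aliases on disk."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cs001.json")     # constructed sample path
        s1 = StoreHandle(path)
        getattr(s1, add_name)("alias1", "Elytron")
        s2 = StoreHandle(path)                   # second store, same backing file
        getattr(s1, add_name)("alias2", "Elytron")
        getattr(s2, add_name)("alias123", "Elytron")
        with open(path) as f:
            return sorted(json.load(f))

if __name__ == "__main__":
    print("unsafe:", replay("add_unsafe"))
    print("locked:", replay("add_locked"))
```

With `add_unsafe` the file ends up without "alias2", matching the report; with `add_locked` all three aliases survive, at the cost of one extra file read per write.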
[JBoss JIRA] (WFCORE-2491) Complicated failure-description in Elytron constant-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2491?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7502 to WFCORE-2491:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2491 (was: WFLY-7502)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complicated failure-description in Elytron constant-permission-mapper
> ---------------------------------------------------------------------
>
> Key: WFCORE-2491
> URL: https://issues.jboss.org/browse/WFCORE-2491
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> There is a complicated failure-description in Elytron constant-permission-mapper. The failure description in CLI should not contain an Exception or a snippet of a stacktrace. Please, instead of the "Caused by:" parts from the example below, use some non-Java, administrator-friendly message.
> Complicated failure-description:
> {code}
> /subsystem=elytron/constant-permission-mapper=permission-mapper:add(permissions=[{class-name=WrongClass}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.permission-mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.permission-mapper: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [WrongClass].
> Caused by: org.wildfly.security.permission.InvalidPermissionClassException: ELY03015: Could not load permission class \"WrongClass\"
> Caused by: java.lang.ClassNotFoundException: WrongClass from [Module \"org.wildfly.extension.elytron:main\" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/olukas/workspace/temp/uxcli/jboss-eap-7.1/modules,/home/olukas/workspace/temp/uxcli/jboss-eap-7.1/modules/system/layers/base))]"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.permission-mapper"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2489) CS tool, add prompt when --secret is missing
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2489?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8189 to WFCORE-2489:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2489 (was: WFLY-8189)
Component/s: Security
(was: Security)
> CS tool, add prompt when --secret is missing
> --------------------------------------------
>
> Key: WFCORE-2489
> URL: https://issues.jboss.org/browse/WFCORE-2489
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: credential-store
>
> Use case:
> - User has an automation script using the cs tool and doesn't want the secret value to be stored in a file.
> - User doesn't want the secret value to be stored in shell history after execution.
> - User doesn't want the secret value to be listed in {{ps -aux}} output.
> There has to be a possibility to omit the --secret attribute. When the --secret attribute is omitted, a user interaction prompt should follow with the possibility to input the secret value.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months